Jake1988

Members

View Profile See their activity

Posts
5
Joined
August 16, 2012
Last visited
August 24, 2012

Reputation

0 Neutral

Infected with trojanzeroaccessinf any advice?

Jake1988 replied to Jake1988's topic in Resolved Malware Removal Logs

HI My computer is running better than before. I no longer have the startup or antivirus software problems. Eset scanner did not find any threats. Mal Log Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.18.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Jake :: OLDGREGG [administrator] Protection: Enabled 21/08/2012 13:16:27 mbam-log-2012-08-21 (13-16-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 196934 Time elapsed: 12 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Sorry about the wait. It took me ages to do the scan!
- August 21, 2012
- 10 replies
Infected with trojanzeroaccessinf any advice?

Jake1988 replied to Jake1988's topic in Resolved Malware Removal Logs

OTL OTL logfile created on: 17/08/2012 22:03:08 - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jake\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.97 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 53.91% Memory free 6.14 Gb Paging File | 4.71 Gb Available in Paging File | 76.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222.33 Gb Total Space | 21.07 Gb Free Space | 9.48% Space Free | Partition Type: NTFS Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: OLDGREGG | User Name: Jake | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/17 20:28:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Downloads\OTL(1).exe PRC - [2012/08/17 13:13:26 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe PRC - [2012/08/17 13:00:38 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe PRC - [2012/05/17 18:39:06 | 000,932,528 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/02/19 21:37:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/02/03 15:14:44 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe PRC - [2011/09/22 01:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe PRC - [2011/04/28 09:27:52 | 000,192,856 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/02/28 15:30:56 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2009/01/20 09:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe PRC - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe PRC - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe ========== Modules (No Company Name) ========== MOD - [2012/08/17 13:13:26 | 020,316,496 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll MOD - [2012/08/17 13:13:25 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll MOD - [2012/08/17 13:13:25 | 000,900,944 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll MOD - [2012/08/17 13:13:25 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll MOD - [2012/08/17 13:13:25 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll MOD - [2012/06/14 18:23:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012/06/14 18:23:08 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012/06/14 18:22:23 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012/06/14 18:19:22 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012/05/17 18:39:06 | 000,932,528 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012/05/11 17:31:40 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012/05/11 17:23:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012/05/11 17:23:14 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll MOD - [2012/05/11 17:23:13 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll MOD - [2012/05/11 17:23:13 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll MOD - [2012/05/11 17:22:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012/05/11 17:12:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012/05/11 17:09:04 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll MOD - [2012/05/11 17:08:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012/05/11 17:06:48 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012/05/11 17:06:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012/05/11 17:04:57 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012/02/19 21:37:33 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011/04/28 09:27:52 | 000,192,856 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe MOD - [2010/09/16 21:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009/04/11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2009/04/11 03:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008/11/18 20:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll MOD - [2008/11/18 19:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2008/11/18 19:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2008/11/18 19:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll MOD - [2008/11/18 19:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2008/11/18 19:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2008/11/18 19:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2008/11/18 19:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2008/09/24 01:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV - [2012/08/17 13:13:26 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/09/22 01:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security) SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV) SRV - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters) SRV - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012/08/16 20:11:02 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120817.003\NAVEX15.SYS -- (NAVEX15) DRV - [2012/08/16 20:11:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/08/16 20:11:02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/08/16 20:11:02 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120817.003\NAVENG.SYS -- (NAVENG) DRV - [2012/06/14 19:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120722.001\IDSvix86.sys -- (IDSVix86) DRV - [2011/10/11 18:00:29 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\cchpx86.sys -- (ccHP) DRV - [2011/09/22 01:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symtdi.sys -- (SYMTDI) DRV - [2011/09/22 01:35:58 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symfw.sys -- (SYMFW) DRV - [2011/09/22 01:35:58 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symndisv.sys -- (SYMNDISV) DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2010/03/16 21:15:18 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2010/01/20 22:03:39 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\SymEFA.sys -- (SymEFA) DRV - [2010/01/20 22:03:39 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtsp.sys -- (SRTSP) DRV - [2010/01/20 22:03:39 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86) DRV - [2010/01/20 22:03:39 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtspx.sys -- (SRTSPX) DRV - [2010/01/20 22:03:28 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009/01/20 09:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009/01/15 11:13:00 | 007,543,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/12/23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/12/20 08:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/09/24 17:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {025691BC-FC8A-4AB2-96A1-7111A3722E0D} IE - HKLM\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb IE - HKLM\..\SearchScopes\{862D96F9-09F3-41FE-9635-F1FB35E4105F}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936 IE - HKLM\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru/cnt/9134 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060} IE - HKCU\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb IE - HKCU\..\SearchScopes\{862D96F9-09F3-41FE-9635-F1FB35E4105F}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936 IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKCU\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>;127.0.0.1:9421; ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jake\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 17:49:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/29 02:01:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 22:25:12 | 000,000,000 | ---D | M] [2010/03/15 21:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Extensions [2012/05/24 17:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions [2010/07/22 17:40:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/05/24 17:46:16 | 000,000,000 | ---D | M] (Ð¡Ð¿ÑƒÑ‚Ð½Ð¸Ðº @Mail.Ru) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2012/08/17 19:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/02/19 21:37:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/10/06 20:51:27 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2011/10/06 20:51:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/10/06 20:51:27 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/10/06 20:51:27 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/10/06 20:51:27 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.mail.ru/cnt/9134 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jake\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2012/08/17 19:10:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [DrvUpdater] C:\Users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe () O4 - HKCU..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company) O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68EABCD3-3D92-4742-B663-6362B9F46391}: NameServer = 192.168.16.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2C81628-7F6B-4DB2-B422-AADEB932A76C}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/08/17 19:18:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/08/17 19:07:33 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\temp [2012/08/17 18:46:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/08/17 18:46:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/08/17 18:46:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/08/17 18:46:13 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/08/17 18:44:14 | 004,733,838 | R--- | C] (Swearware) -- C:\Users\Jake\Desktop\ComboFix.exe [2012/08/17 14:15:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/17 14:14:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/17 10:53:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/08/15 00:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/17 21:55:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 21:55:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 21:55:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/17 19:56:44 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/17 19:56:39 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/08/17 19:55:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/17 19:54:26 | 3184,488,448 | -HS- | M] () -- C:\hiberfil.sys [2012/08/17 19:10:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/08/17 18:44:26 | 004,733,838 | R--- | M] (Swearware) -- C:\Users\Jake\Desktop\ComboFix.exe [2012/08/17 13:16:16 | 000,000,216 | ---- | M] () -- C:\Users\Jake\Desktop\Awesomenauts.url [2012/08/17 11:02:02 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJake.job [2012/08/17 10:55:21 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/08/17 10:52:46 | 242,813,380 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/08/16 09:25:51 | 000,008,268 | ---- | M] () -- C:\Users\Jake\AppData\Local\d3d9caps.dat [2012/07/23 19:40:46 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jake.job [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/17 18:46:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/08/17 18:46:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/08/17 18:46:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/08/17 18:46:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/08/17 18:46:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/08/17 10:52:46 | 242,813,380 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/08/16 22:26:09 | 3184,488,448 | -HS- | C] () -- C:\hiberfil.sys [2012/08/11 18:59:29 | 000,000,216 | ---- | C] () -- C:\Users\Jake\Desktop\Awesomenauts.url [2011/12/12 20:51:33 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2010/09/24 18:25:20 | 000,177,904 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010/08/21 16:28:10 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010/06/07 12:11:44 | 000,004,096 | -H-- | C] () -- C:\Users\Jake\AppData\Local\keyfile3.drm [2010/03/26 11:44:39 | 000,014,336 | ---- | C] () -- C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/25 19:51:10 | 000,008,268 | ---- | C] () -- C:\Users\Jake\AppData\Local\d3d9caps.dat [2010/03/17 16:38:18 | 000,003,362 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\wklnhst.dat [2009/07/20 11:12:49 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/07/20 11:01:31 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini [2009/07/20 10:57:51 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== LOP Check ========== [2011/01/05 01:34:48 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/08/17 19:51:21 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\DRPSu [2010/03/25 01:44:35 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Facebook [2012/06/24 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\FixZeroAccess [2010/06/15 13:45:49 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\LolClient [2012/06/07 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\LolClient2 [2012/03/28 22:07:26 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Might & Magic Heroes VI [2010/09/26 19:28:33 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\muvee Technologies [2011/01/03 17:58:14 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Serif [2012/08/17 19:51:22 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Spotify [2010/03/17 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Template [2011/05/20 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\The Creative Assembly [2010/07/05 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\WildTangent [2012/08/17 19:50:32 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: SERVICES > [2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services [2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services < MD5 for: SERVICES.AIP > [2010/04/07 21:47:20 | 000,132,544 | ---- | M] (Adobe Systems Incorporated) MD5=3E69B3D98D1B184EA96CFBC18CE07CA5 -- C:\Program Files\Adobe\Adobe Illustrator CS5\Plug-ins\Extensions\Services.aip < MD5 for: SERVICES.EXE > [2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe [2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe [2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe [2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe < MD5 for: SERVICES.EXE.MUI > [2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui [2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui < MD5 for: SERVICES.EXE.VIR > [2009/04/11 07:27:59 | 000,282,624 | ---- | M] () Unable to obtain MD5 -- C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir < MD5 for: SERVICES.LNK > [2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk < MD5 for: SERVICES.MOF > [2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof [2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof [2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof < MD5 for: SERVICES.MSC > [2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc [2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc [2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc [2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Jake\Desktop\re up finding nemo.avi:TOC.WMV < End of report > Thanks
- August 17, 2012
- 10 replies
Infected with trojanzeroaccessinf any advice?

Jake1988 replied to Jake1988's topic in Resolved Malware Removal Logs

Hi Took a while but here you go! [19:48:42] Jake Smithson: ComboFix 12-08-17.03 - Jake 17/08/2012 18:50:08.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1295 [GMT 1:00] Running from: c:\users\Jake\Desktop\ComboFix.exe Command switches used :: c:\users\Jake\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Jake\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jake\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@ c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@ c:\windows\jestertb.dll c:\windows\system32\drivers\etc\hosts.ics . c:\windows\system32\services.exe . . . is infected!! . . --------------- FCopy --------------- . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --> c:\windows\System32\services.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE} . . ((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 ))))))))))))))))))))))))))))))) . . 2012-08-17 18:07 . 2012-08-17 18:12 -------- d-----w- c:\users\Jake\AppData\Local\temp 2012-08-17 18:07 . 2012-08-17 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-14 23:18 . 2012-08-14 23:18 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-25 07:40 . 2012-06-25 07:40 110080 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconF7A21AF7.exe 2012-06-25 07:40 . 2012-06-25 07:40 110080 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconD7F16134.exe 2012-06-25 07:40 . 2012-06-25 07:40 110080 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconCF33A0CE.exe 2012-06-02 22:19 . 2012-06-22 14:10 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 14:10 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 14:07 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 14:07 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-22 14:10 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-22 14:10 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-22 14:07 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19 . 2012-06-22 14:02 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:12 . 2012-06-22 14:01 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-02-19 20:37 . 2011-05-08 21:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Steam"="c:\program files\Steam\Steam.exe" [2012-08-17 1353080] "Akamai NetSession Interface"="c:\users\Jake\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] "KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] "DrvUpdater"="c:\users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe" [2011-04-28 192856] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552] "Spotify Web Helper"="c:\users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-17 932528] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 136600] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704] . c:\users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2008-12-04 05:15 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut] 2008-06-14 02:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut] 2008-12-24 22:45 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 23:07] . 2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 23:07] . 2012-08-17 c:\windows\Tasks\HPCeeScheduleForJake.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 19:34] . 2012-07-23 c:\windows\Tasks\Norton Security Scan for Jake.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-28 23:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.mail.ru/cnt/9134 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb uInternet Settings,ProxyOverride = *.local;<local>;127.0.0.1:9421; IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{68EABCD3-3D92-4742-B663-6362B9F46391}: NameServer = 192.168.16.1 FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\ . - - - - ORPHANS REMOVED - - - - . SafeBoot-29850121.sys SafeBoot-60953222.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-17 19:12 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1" . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe c:\program files\SMINST\BLService.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\DllHost.exe c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe c:\program files\Kodak\KODAK Share Button App\Listener.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Steam\SteamService.exe c:\program files\Norton Internet Security\Engine\16.8.3.6\WSCStub.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe c:\program files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** . Completion time: 2012-08-17 19:21:06 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-17 18:20 . Pre-Run: 22,773,518,336 bytes free Post-Run: 22,534,377,472 bytes free . - - End Of File - - 1F3CF4936DCA9596D5F3E03298C56369 Thanks alot.
- August 17, 2012
- 10 replies
Infected with trojanzeroaccessinf any advice?

Jake1988 replied to Jake1988's topic in Resolved Malware Removal Logs

Hi, thanks for the help. I can't get Combofix to create a log as it vanishes after the process in complete. OLT worked fine though. OLT OTL logfile created on: 17/08/2012 14:23:30 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jake\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.97 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 54.43% Memory free 6.15 Gb Paging File | 4.71 Gb Available in Paging File | 76.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222.33 Gb Total Space | 23.70 Gb Free Space | 10.66% Space Free | Partition Type: NTFS Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: OLDGREGG | User Name: Jake | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/17 14:20:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Downloads\OTL.exe PRC - [2012/08/17 13:13:26 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe PRC - [2012/08/17 13:00:38 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe PRC - [2012/02/19 21:37:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/02/03 15:14:44 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe PRC - [2011/09/22 01:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/01/20 09:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe PRC - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe PRC - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe ========== Modules (No Company Name) ========== MOD - [2012/08/17 13:13:26 | 020,316,496 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll MOD - [2012/08/17 13:13:25 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll MOD - [2012/08/17 13:13:25 | 000,900,944 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll MOD - [2012/08/17 13:13:25 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll MOD - [2012/08/17 13:13:25 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll MOD - [2012/06/14 18:23:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012/06/14 18:23:08 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012/06/14 18:22:23 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012/06/14 18:19:22 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012/05/11 17:31:40 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012/05/11 17:23:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012/05/11 17:23:14 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll MOD - [2012/05/11 17:23:13 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll MOD - [2012/05/11 17:23:13 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll MOD - [2012/05/11 17:22:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012/05/11 17:12:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012/05/11 17:09:04 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll MOD - [2012/05/11 17:08:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012/05/11 17:06:48 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012/05/11 17:06:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012/05/11 17:04:57 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012/03/28 20:18:27 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2012/02/19 21:37:33 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2010/09/16 21:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009/04/11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2009/04/11 03:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008/11/18 20:03:14 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll MOD - [2008/11/18 19:57:08 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2008/11/18 19:57:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2008/11/18 19:56:58 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll MOD - [2008/11/18 19:56:56 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2008/11/18 19:56:40 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2008/11/18 19:56:40 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2008/11/18 19:56:40 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2008/09/24 01:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV - [2012/08/17 13:13:26 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/11/16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2011/09/22 01:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security) SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV) SRV - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters) SRV - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- Combo-Fix.sys -- ({79007602-0CDB-4405-9DBF-1257BB3226EE}) DRV - [2012/08/16 20:11:02 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120816.048\navex15.sys -- (NAVEX15) DRV - [2012/08/16 20:11:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/08/16 20:11:02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/08/16 20:11:02 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120816.048\naveng.sys -- (NAVENG) DRV - [2012/06/14 19:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120722.001\IDSvix86.sys -- (IDSVix86) DRV - [2011/10/11 18:00:29 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\cchpx86.sys -- (ccHP) DRV - [2011/09/22 01:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symtdi.sys -- (SYMTDI) DRV - [2011/09/22 01:35:58 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symfw.sys -- (SYMFW) DRV - [2011/09/22 01:35:58 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symndisv.sys -- (SYMNDISV) DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2010/03/16 21:15:18 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2010/01/20 22:03:39 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\SymEFA.sys -- (SymEFA) DRV - [2010/01/20 22:03:39 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtsp.sys -- (SRTSP) DRV - [2010/01/20 22:03:39 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86) DRV - [2010/01/20 22:03:39 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtspx.sys -- (SRTSPX) DRV - [2010/01/20 22:03:28 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009/01/20 09:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009/01/15 11:13:00 | 007,543,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/12/23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/12/20 08:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/09/24 17:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {025691BC-FC8A-4AB2-96A1-7111A3722E0D} IE - HKLM\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb IE - HKLM\..\SearchScopes\{862D96F9-09F3-41FE-9635-F1FB35E4105F}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936 IE - HKLM\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru/cnt/9134 IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060} IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\SearchScopes\{862D96F9-09F3-41FE-9635-F1FB35E4105F}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936 IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>;127.0.0.1:9421; ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jake\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 17:49:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/29 02:01:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 22:25:12 | 000,000,000 | ---D | M] [2010/03/15 21:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Extensions [2012/05/24 17:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions [2010/07/22 17:40:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/05/24 17:46:16 | 000,000,000 | ---D | M] (Ð¡Ð¿ÑƒÑ‚Ð½Ð¸Ðº @Mail.Ru) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\vhbfrf03.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2012/08/17 12:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/02/19 21:37:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/10/06 20:51:27 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2011/10/06 20:51:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/10/06 20:51:27 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/10/06 20:51:27 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/10/06 20:51:27 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.mail.ru/cnt/9134 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jake\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2011/03/12 21:53:38 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000..\Run: [Akamai NetSession Interface] C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000..\Run: [DrvUpdater] C:\Users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe () O4 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company) O4 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000..\Run: [spotify Web Helper] C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-605186710-3114713356-2354346427-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68EABCD3-3D92-4742-B663-6362B9F46391}: NameServer = 192.168.16.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2C81628-7F6B-4DB2-B422-AADEB932A76C}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Jake\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9f31569c-661e-11e1-8600-00269e1d3d84}\Shell - "" = AutoRun O33 - MountPoints2\{9f31569c-661e-11e1-8600-00269e1d3d84}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: ezSharedSvc - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/08/17 14:20:03 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/08/17 14:15:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/17 14:14:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/17 10:53:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/08/15 00:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/17 13:55:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/17 13:16:16 | 000,000,216 | ---- | M] () -- C:\Users\Jake\Desktop\Awesomenauts.url [2012/08/17 12:58:43 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/08/17 12:57:59 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/17 12:57:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 12:57:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 12:56:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/17 12:56:52 | 3186,544,640 | -HS- | M] () -- C:\hiberfil.sys [2012/08/17 11:02:02 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJake.job [2012/08/17 10:55:21 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/08/17 10:52:46 | 242,813,380 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/08/16 09:25:51 | 000,008,268 | ---- | M] () -- C:\Users\Jake\AppData\Local\d3d9caps.dat [2012/07/23 19:40:46 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Jake.job [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/17 10:52:46 | 242,813,380 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/08/16 22:26:09 | 3186,544,640 | -HS- | C] () -- C:\hiberfil.sys [2012/08/11 18:59:29 | 000,000,216 | ---- | C] () -- C:\Users\Jake\Desktop\Awesomenauts.url [2012/01/11 20:39:03 | 000,002,048 | -HS- | C] () -- C:\Users\Jake\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ [2011/12/12 20:51:33 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2010/10/17 21:00:40 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2010/09/24 18:25:20 | 000,177,904 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010/08/21 16:28:10 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010/06/07 12:11:44 | 000,004,096 | -H-- | C] () -- C:\Users\Jake\AppData\Local\keyfile3.drm [2010/03/26 11:44:39 | 000,014,336 | ---- | C] () -- C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/25 19:51:10 | 000,008,268 | ---- | C] () -- C:\Users\Jake\AppData\Local\d3d9caps.dat [2010/03/17 16:38:18 | 000,003,362 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\wklnhst.dat [2009/07/20 11:12:49 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/07/20 11:01:31 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini [2009/07/20 10:57:51 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== LOP Check ========== [2011/01/05 01:34:48 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/08/17 19:51:21 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\DRPSu [2010/03/25 01:44:35 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Facebook [2012/06/24 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\FixZeroAccess [2010/06/15 13:45:49 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\LolClient [2012/06/07 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\LolClient2 [2012/03/28 22:07:26 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Might & Magic Heroes VI [2010/09/26 19:28:33 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\muvee Technologies [2011/01/03 17:58:14 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Serif [2012/08/17 19:51:22 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Spotify [2010/03/17 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Template [2011/05/20 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\The Creative Assembly [2010/07/05 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\WildTangent [2012/08/17 12:56:00 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2009/02/28 15:44:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009/02/28 15:44:25 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009/02/28 15:44:25 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009/02/28 15:44:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: QMGR.DLL > [2008/01/21 03:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll < MD5 for: SERVICES > [2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services [2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services < MD5 for: SERVICES.AIP > [2010/04/07 21:47:20 | 000,132,544 | ---- | M] (Adobe Systems Incorporated) MD5=3E69B3D98D1B184EA96CFBC18CE07CA5 -- C:\Program Files\Adobe\Adobe Illustrator CS5\Plug-ins\Extensions\Services.aip < MD5 for: SERVICES.EXE > [2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe [2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe [2009/04/11 07:27:59 | 000,282,624 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\services.exe < MD5 for: SERVICES.EXE.MUI > [2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui [2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui < MD5 for: SERVICES.EXE.ND_ > [2012/08/17 14:19:38 | 000,000,014 | ---- | M] () MD5=CEF854A550CEFD6DE45107D38B4DD48E -- C:\ComboFix\services.exe.ND_ < MD5 for: SERVICES.LNK > [2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk < MD5 for: SERVICES.MOF > [2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof [2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof [2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof < MD5 for: SERVICES.MSC > [2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc [2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc [2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc [2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc < MD5 for: SVCHOST.EXE > [2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe [2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe < MD5 for: USERINIT.EXE > [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s > "ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Jake\Desktop\re up finding nemo.avi:TOC.WMV < End of report > Extras OTL Extras logfile created on: 17/08/2012 14:23:30 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Jake\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.97 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 54.43% Memory free 6.15 Gb Paging File | 4.71 Gb Available in Paging File | 76.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222.33 Gb Total Space | 23.70 Gb Free Space | 10.66% Space Free | Partition Type: NTFS Drive D: | 10.55 Gb Total Space | 1.80 Gb Free Space | 17.04% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: OLDGREGG | User Name: Jake | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09DAE1D0-29A1-435A-9473-E98DB975F0B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0FBAFECE-FA09-4075-98D2-9370E412D19D}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | "{1118847A-F510-42E6-9A62-992FC753A4C8}" = lport=138 | protocol=17 | dir=in | app=system | "{13E042B3-447E-4E9D-A2B2-31682CB5760A}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | "{14B0256A-BFEB-4866-93B8-FA2000CFB0E2}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | "{1851BEB5-2DD5-484D-AC85-06D5E2001B7F}" = rport=445 | protocol=6 | dir=out | app=system | "{2D1B45F2-DD63-4DE5-911D-9DFE4A0F163B}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{2D7816BB-B6B3-4D2F-8689-1DB6D41DF0A1}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | "{30E1DD2E-D842-4EB0-B3E7-7A277715BC1E}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher | "{3241CB30-C981-42A8-99D0-103538EAD64D}" = lport=6888 | protocol=6 | dir=in | name=league of legends launcher | "{32E3BBC4-B556-4B19-B352-C5ACD70109DA}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher | "{33959E33-5DA0-4860-A61A-2F537217866A}" = lport=6960 | protocol=6 | dir=in | name=league of legends launcher | "{3BFD701A-555D-47C6-90EC-1663250207AF}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher | "{3E352296-724C-4C6B-A1A8-72FA30AA6163}" = lport=6964 | protocol=6 | dir=in | name=league of legends launcher | "{416E908F-321B-41A0-91C2-73C39676A2A5}" = lport=6942 | protocol=17 | dir=in | name=league of legends launcher | "{4176959F-D5F4-488E-A43F-B51EDC6C0AE0}" = rport=137 | protocol=17 | dir=out | app=system | "{47F5807A-0CA2-4626-BC0B-D57CAB958D6A}" = lport=6894 | protocol=6 | dir=in | name=league of legends launcher | "{4DB5FC07-6417-4417-A78F-7859B2924C4F}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher | "{563C4112-33BE-45CC-AE41-A700A4C433B7}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher | "{5B975087-D287-43CE-981D-EE5C417F86A0}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher | "{61DB71AD-0FE3-40A7-B3FF-D7C29CAEAFFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{62600736-72D4-464D-AD18-79A7D88CBBAA}" = lport=445 | protocol=6 | dir=in | app=system | "{62E114E4-0B97-4D22-BD7E-57DE633B6955}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher | "{63EED010-D5C8-41D8-89A6-88A9E8837CE7}" = lport=6894 | protocol=17 | dir=in | name=league of legends launcher | "{648E641B-02B2-42E1-B5FA-EF3BFAEEACCB}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher | "{67A2128B-EFCD-4C24-8C6C-00E1AC8F803B}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{680BB0DD-07BD-4407-B049-61638BB849BD}" = lport=6964 | protocol=17 | dir=in | name=league of legends launcher | "{699D488A-A24E-4FB1-8524-348203F7FDF2}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher | "{6B0A58D2-E57C-44AB-AC16-252A80E1DDDC}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher | "{781B87C8-C47E-40D6-B868-865442E1ED72}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | "{7B777A42-7CCB-4780-B0A6-01F0D91792DF}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | "{80C7289A-AC12-4B7D-9817-BBD692815C88}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher | "{8177DAE9-39C4-4796-A09B-84135B85395D}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{871A667D-6B08-4D11-94FD-B10F148DE722}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{8AADFC95-29AC-4D4C-B1AB-33E2EC2357AD}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | "{93B4B878-69D3-4997-AD4B-EAD634AE3DD8}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher | "{A7CACFFF-BB0A-4CAB-8CCD-A1EAC68865E8}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher | "{A8B66EC4-C0DE-486E-9F72-47FF6A79C9AD}" = lport=139 | protocol=6 | dir=in | app=system | "{B0377119-3BE2-4AFB-A895-D0F2D13D5607}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{B6DC5A33-4D2D-453E-B12B-269F05F96E9F}" = lport=6899 | protocol=6 | dir=in | name=league of legends launcher | "{BE755B2A-B1CB-4BA5-8A7C-8794C753EE36}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | "{BEF55AF7-6EC2-4A89-8145-AB859D2FCC5E}" = lport=6888 | protocol=17 | dir=in | name=league of legends launcher | "{CE5BE03C-44C2-4D5C-84A1-3330085FD8F1}" = rport=138 | protocol=17 | dir=out | app=system | "{CF5E0CB6-2AA3-4089-83A8-7AD884430E96}" = lport=6934 | protocol=17 | dir=in | name=league of legends launcher | "{D1FBB309-AEFD-4502-8F6E-C8D7A0357F57}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{D420883E-8467-4914-B4FC-019690EC3E54}" = lport=137 | protocol=17 | dir=in | app=system | "{D56BE9E0-E679-4749-AE8C-A13833AD14E9}" = rport=139 | protocol=6 | dir=out | app=system | "{D6DC7B7B-C99B-4554-A06A-B3EA928F3354}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{D98BB5CA-D730-4752-987C-15BCA5E88976}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | "{DD3BDBD0-27BE-4DFD-B207-D9411B76F83A}" = lport=6932 | protocol=6 | dir=in | name=league of legends launcher | "{DDC1A6D3-B84C-4BB7-A68D-DC7FBED42DB4}" = lport=6934 | protocol=6 | dir=in | name=league of legends launcher | "{E0317492-7F32-404E-A860-1C272797EB8B}" = lport=6942 | protocol=6 | dir=in | name=league of legends launcher | "{E1086C36-5E75-4722-9105-DF570A5E03D1}" = lport=6960 | protocol=17 | dir=in | name=league of legends launcher | "{ED48B6E7-8C5C-4A2B-9266-17EAA4315897}" = lport=6932 | protocol=17 | dir=in | name=league of legends launcher | "{EDBF3618-87E6-45FA-9BD7-0DA4ACA65E9A}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{F5831082-C7AF-4F10-BDD8-195BA83F4650}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | "{F6A77A8E-5277-4434-B460-5D2818AD2585}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher | "{F9F8DA22-5FCF-435F-AAF7-154ADFEB1394}" = lport=6899 | protocol=17 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03EAF3B7-48FB-462F-A3F9-DBF86E98C3B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0982B97D-39C5-4F3A-8DEF-5D89C7341E3A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | "{0EB0BFAD-234F-402A-9C48-52C5AF2E11A4}" = protocol=6 | dir=in | app=c:\users\jake\appdata\roaming\spotify\spotify.exe | "{1233F655-CA98-48FB-94F9-97EB0BEF0742}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1BC85F6E-A578-4531-ACC2-18E6AB77049A}" = protocol=6 | dir=in | app=c:\program files\league of legends\lol.launcher.exe | "{21E1C8B7-5C8F-47F0-90C1-A30BF2091EB8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{24897323-95EA-4CC4-89A9-7CE83E862E17}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | "{259531F0-DAB2-43DA-B5BF-02E2048A6153}" = protocol=17 | dir=in | app=c:\users\jake\appdata\local\akamai\netsession_win.exe | "{2677CE74-0347-4306-A72C-6FEDFA094DDC}" = dir=in | app=c:\program files\itunes\itunes.exe | "{271769DD-C3C2-4612-9E2A-054ED5AAE9A1}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{31534F46-B062-48DD-9608-C53B7D6E7C82}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | "{32C9888A-8473-4027-9B25-1EE29E6B8DF5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{362251A5-2742-47A6-A97B-F2CBDAA77AF0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe | "{365F7202-0C65-4D9E-ACD3-51036444F711}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sega classics\segagenesisclassics.exe | "{41DDB365-C8AB-4571-8B47-F4AC629CF43A}" = protocol=17 | dir=in | app=c:\program files\league of legends\lol.launcher.exe | "{4286ADCB-4977-43B6-9233-2D26398125F0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{44FB8034-2D5E-4B60-84BE-DA44B8C9DF97}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{520FB5C6-794D-459A-B9BD-228B723A9D59}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe | "{54EA54CB-6BE1-4CD3-8674-824A9055CA8D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{54F653BF-DFA6-4FCD-ABC1-A94ED75A6817}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5A2EFDBC-2177-4539-BA94-FA7CEBE55DC8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{5B5519F7-5B56-48CD-8221-47E4A4D470C5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe | "{5C919CD8-C91B-4D89-8B8C-50B50B05270F}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{5F6D6458-0D93-46F3-B836-8E27B2E50B1E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{63858629-0192-4601-97A9-5EE0872C0229}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{6CC32395-C378-4FDE-B302-F9309F4CEF50}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{71A86E31-21DB-4354-AFF5-029A676B899B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sega classics\segagenesisclassics.exe | "{7830E5CB-86BC-4CB8-B7D0-8A635B06C5EA}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | "{7ECEE71D-954A-4D8D-93C3-0A3052091FE9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{83A49542-9ED5-4C59-9760-FD00E94020C4}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | "{8ADAFAB9-D529-465E-B4FA-7F0BD0EC94AC}" = protocol=6 | dir=in | app=c:\users\jake\appdata\local\akamai\netsession_win.exe | "{8FE478D5-4F16-41E9-A841-496795202469}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{971F8B6F-B8FB-4246-AD56-F8A6F00B75EE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe | "{9BE7671E-C8CE-4773-BDCE-F0AE9DE770E4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{9D212D3F-9F1F-40F1-8125-D8A5BF9AB670}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | "{9F84E0DD-90C6-4A99-92AA-DE6F3DE63008}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{A7E975EE-1D4C-45EB-BA35-A96853684F39}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | "{A95FCC5A-8D70-498C-AE7E-25802FC99BE3}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{A96B62DC-D24F-419C-82CE-282C77E35A1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{AC5C9B7E-0F21-46D8-8EDD-EBD2AB373A89}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B4BFABFA-DD54-478C-9467-9CB71987FDE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B93EBDE8-CE52-49A4-B29C-A46D0C9A9665}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B97F00FB-FCB2-4BFD-BB9C-111800592474}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{BDA5A272-6F9F-4818-A2B2-BE75E3D8ECBD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{CE53E36B-0F80-45FF-B988-DA1E0EF80770}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\medieval ii total war\launcher.exe | "{D4F604AE-9EB3-4E04-925F-CD0A4A39B269}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{D633F93E-D195-4FF2-A335-619FC097FDB6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe | "{D9714615-4583-41ED-B895-4FE696268EC5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{DAF49D7B-AE42-4E70-AF40-D3C62F9356A0}" = protocol=17 | dir=in | app=c:\users\jake\appdata\roaming\spotify\spotify.exe | "{DEAD307D-DA98-400F-9AE4-1D3E2510B22F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E0130B97-9886-4CF8-9197-C2B0FCF7C264}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | "{E0F12231-AC6B-400B-98E6-22D54EC33267}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | "{E15D8CBE-A73F-4649-A10A-D95A0EA2F4EE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{F0747AAA-999B-450D-BA11-397804CE60BC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | "TCP Query User{7EF7A52A-E6BE-4CCE-92E4-693206F940CF}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe | "TCP Query User{97398458-4672-4D2F-B672-1A0B2FD20174}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "UDP Query User{4949D5AA-666D-4642-86E2-4550818CCDB1}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe | "UDP Query User{6224A5BC-EF7D-4744-AB6A-049FDA0C4CB5}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09234F0D-5971-4701-94EE-89CB6926E273}" = Serif PhotoPlus SE "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}" = KODAK Share Button App "{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1 "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7 "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate "{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5 "{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}" = SpyHunter "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E1B3D19D-8C1D-4C91-86CE-FBB8F5624382}" = LCP New Generation Literacy Year4 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant "{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3AB84797D160AF55A0CC9990F040AFD2E44CD3B7" = Windows Driver Package - NVIDIA (nv) Display (12/05/2007 6.14.11.6921) "3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) "5820ED5B6B185D354EB99DCB0240AF46811B907C" = Windows Driver Package - NVIDIA (nv) Display (12/05/2007 6.14.11.6921) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface Service "AOL Toolbar" = AOL Toolbar 5.0 "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DivX Setup.divx.com" = DivX Setup "Google Chrome" = Google Chrome "Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "League of Legends_is1" = League of Legends "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB) "NIS" = Norton Internet Security "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "Raptor - Call of the Shadows_is1" = Raptor - Call of the Shadows "Shockwave" = Shockwave "Soulseek2" = SoulSeek 157 NS 13e "Spotify" = Spotify "Steam App 204300" = Awesomenauts "Steam App 34270" = SEGA Genesis & Mega Drive Classics "Steam App 34330" = Total War: SHOGUN 2 "Steam App 440" = Team Fortress 2 "Steam App 47400" = Stronghold 3 "Steam App 48220" = Might & Magic ® Heroes ® VI "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™ "Steam App 570" = Dota 2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Total Annihilation - Commander Pack_is1" = Total Annihilation - Commander Pack "VLC media player" = VLC media player 1.1.0 "Warcraft III" = Warcraft III "WildTangent hp Master Uninstall" = My HP Games "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-605186710-3114713356-2354346427-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "DRPSu Updater" = DriverPack Solution Updater "Facebook Plug-In" = Facebook Plug-In "Spotify" = Spotify "Warcraft III" = Warcraft III: All Products ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013 Description = Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013 Description = Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013 Description = Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013 Description = Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013 Description = Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013 Description = Error - 16/08/2012 17:58:19 | Computer Name = OldGregg | Source = Windows Search Service | ID = 3013 Description = Error - 16/08/2012 18:05:17 | Computer Name = OldGregg | Source = Application Error | ID = 1000 Description = Faulting application Skype.exe, version 5.8.0.158, time stamp 0x4f4de709, faulting module Skype.exe, version 5.8.0.158, time stamp 0x4f4de709, exception code 0xc0000005, fault offset 0x001e4f47, process id 0xf9c, application start time 0x01cd7bf6f7b86955. Error - 17/08/2012 05:54:26 | Computer Name = OldGregg | Source = WinMgmt | ID = 10 Description = Error - 17/08/2012 07:58:25 | Computer Name = OldGregg | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 12/07/2010 03:26:02 | Computer Name = OldGregg | Source = Service Control Manager | ID = 7000 Description = Error - 12/07/2010 11:55:02 | Computer Name = OldGregg | Source = HTTP | ID = 15016 Description = Error - 12/07/2010 11:55:17 | Computer Name = OldGregg | Source = Service Control Manager | ID = 7000 Description = Error - 12/07/2010 16:38:31 | Computer Name = OldGregg | Source = HTTP | ID = 15016 Description = Error - 12/07/2010 16:38:58 | Computer Name = OldGregg | Source = Service Control Manager | ID = 7000 Description = Error - 13/07/2010 10:42:23 | Computer Name = OldGregg | Source = HTTP | ID = 15016 Description = Error - 13/07/2010 10:42:47 | Computer Name = OldGregg | Source = Service Control Manager | ID = 7000 Description = Error - 13/07/2010 14:25:29 | Computer Name = OldGregg | Source = HTTP | ID = 15016 Description = Error - 13/07/2010 14:25:54 | Computer Name = OldGregg | Source = Service Control Manager | ID = 7000 Description = Error - 13/07/2010 15:53:39 | Computer Name = OldGregg | Source = HTTP | ID = 15016 Description = < End of report > Thanks again. Jake
- August 17, 2012
- 10 replies
Infected with trojanzeroaccessinf any advice?

Jake1988 posted a topic in Resolved Malware Removal Logs

Hi I have been stuck with this for a about a month now as i've not been able to recieve any help with it. First virus started off as a trojan zero access but has now become trojan zero access inf. I have ran Malwarebytes which found the virus but problems are still persisting. Problems include a lengethend start up time where i have to run system restore every time. Loss of data which i have saved from my last sessioin on the computer. Virus protection software (norton antivirus) keeps turning off. Using a Compaq Presario CQ61 with windows vista. If anyone could help it would be greatly appreciated! Thanks. Jake DDS . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Jake at 11:11:54 on 2012-08-17 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1826 [GMT 1:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\SMINST\BLService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Kodak\KODAK Share Button App\Listener.exe C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\IDT\WDM\sttray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Steam\steam.exe C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe C:\Users\Jake\AppData\Roaming\DRPSu\DrvUpdater.exe C:\Program Files\Skype\Phone\Skype.exe C:\Users\Jake\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\iPod\bin\iPodService.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Windows\system32\werfault.exe C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.mail.ru/cnt/9134 uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb uInternet Settings,ProxyOverride = *.local;<local>;127.0.0.1:9421; BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [steam] "c:\program files\steam\Steam.exe" -silent uRun: [Akamai NetSession Interface] "c:\users\jake\appdata\local\akamai\netsession_win.exe" uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe uRun: [DrvUpdater] c:\users\jake\appdata\roaming\drpsu\DrvUpdater.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [spotify Web Helper] "c:\users\jake\appdata\roaming\spotify\data\SpotifyWebHelper.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit StartupFolder: c:\users\jake\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{68EABCD3-3D92-4742-B663-6362B9F46391} : NameServer = 192.168.16.1 TCP: Interfaces\{D2C81628-7F6B-4DB2-B422-AADEB932A76C} : DhcpNameServer = 192.168.1.254 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\users\jake\appdata\roaming\mozilla\firefox\profiles\vhbfrf03.default\ FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\users\jake\appdata\roaming\facebook\npfbplugin_1_0_3.dll . ============= SERVICES / DRIVERS =============== . R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-11 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-11 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-11 467592] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120722.001\IDSvix86.sys [2012-7-24 382624] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_fa807195\AEstSrv.exe [2009-7-20 81920] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-28 365952] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-28 222512] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-9-24 45600] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008030.006\symndisv.sys [2011-10-11 48760] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 135664] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-16 106656] S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 135664] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-08-14 23:18:40 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard . ==================== Find3M ==================== . 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe . ============= FINISH: 11:13:08.83 =============== Attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 20/07/2009 10:25:37 System Uptime: 17/08/2012 10:52:25 (1 hours ago) . Motherboard: Quanta | | 306A Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 1200/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 222 GiB total, 23.378 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.798 GiB free. E: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP491: 16/07/2012 20:52:20 - Installed DirectX RP492: 24/07/2012 14:32:21 - Scheduled Checkpoint . ==== Installed Programs ====================== . Acrobat.com Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe AIR Adobe Community Help Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Illustrator CS5 Adobe Media Player Adobe Reader 9 Adobe Shockwave Player Adobe Shockwave Player 11.5 Akamai NetSession Interface Akamai NetSession Interface Service AOL Toolbar 5.0 Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Driver Installation Program Bonjour CCleaner Compatibility Pack for the 2007 Office system CyberLink DVD Suite CyberLink YouCam DivX Setup Dota 2 DriverPack Solution Updater ESU for Microsoft Vista Facebook Plug-In Google Chrome Google Update Helper Heroes of Might & Magic V: Hammers of Fate Heroes of Might and Magic V Heroes of Might and Magic V - Tribes of the East Heroes of Might and Magic® III Complete Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Common Access Service Library HP Customer Experience Enhancements HP DVD Play 3.7 HP Help and Support HP Quick Launch Buttons 6.40 M1 HP Total Care Advisor HP Total Care Setup HP Update HP User Guides 0138 HP Wireless Assistant HPAsset component for HP Active Support Library HPNetworkAssistant IDT Audio iTunes Java 6 Update 11 KODAK Share Button App LabelPrint LCP New Generation Literacy Year4 League of Legends LightScribe System Software 1.14.17.1 Malwarebytes' Anti-Malware McAfee Security Scan Plus Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Edition 2003 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Works Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Might & Magic ® Heroes ® VI Mozilla Firefox 10.0.2 (x86 en-GB) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal My HP Games Norton Internet Security Norton Security Scan NVIDIA Drivers Pando Media Booster PDF Settings CS5 Power2Go PowerDirector QuickTime Raptor - Call of the Shadows Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) SEGA Genesis & Mega Drive Classics Serif PhotoPlus SE Shockwave Skype Toolbars Skype™ 5.8 SoulSeek 157 NS 13e Spotify SpyHunter Steam Stronghold 3 Synaptics Pointing Device Driver Team Fortress 2 Total Annihilation - Commander Pack Total War: SHOGUN 2 Ubisoft Game Launcher Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Office 2007 (KB934528) VC80CRTRedist - 8.0.50727.4053 Ventrilo Client VLC media player 1.1.0 Warcraft III Warcraft III: All Products Warhammer® 40,000®: Dawn of War® II – Retribution™ Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) Windows Driver Package - NVIDIA (nv) Display (12/05/2007 6.14.11.6921) World of Warcraft . ==== End Of File =========================== Attaching files wasn't working so i've just posted them. Hope that's ok!
- August 17, 2012
- 10 replies

Sign In

Jake1988

Posts

Joined

Last visited

Reputation

Infected with trojanzeroaccessinf any advice?

Infected with trojanzeroaccessinf any advice?

Infected with trojanzeroaccessinf any advice?

Infected with trojanzeroaccessinf any advice?

Infected with trojanzeroaccessinf any advice?

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information