misternil

Members

View Profile See their activity

Posts
15
Joined
November 7, 2012
Last visited
November 16, 2012

Reputation

0 Neutral

Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

I do not seem to be getting the redirects. I will keep an eye out and see if they reoccur (I thought I had cleaned this out previously but it came back)... Thank you very much!
- November 16, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

ran ESET before leaving for work . Son came home and saw notes on comp(do not use). He says the comp had gone to BSOD so he rebooted comp and redid the scan but left "remove found threats" ticked. I do not know if he made sure the other 3 were ticked. The results are below --- should I redo scan again? results C:\MGtools\Process.exe Win32/PrcView application cleaned by deleting - quarantined C:\Users\Owner\Desktop\Download Dump\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined C:\Users\Owner\Desktop\Download Dump\frostwire-5.1.3.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined C:\_OTL\MovedFiles\11122012_200427\C_Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi JS/Redirector.NCA trojan deleted - quarantined MWB scan results (run before ESET) Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.14.04 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Owner :: OWNER-PC [administrator] 11/14/2012 7:58:04 AM mbam-log-2012-11-14 (07-58-04).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 226188 Time elapsed: 3 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
- November 15, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

Just checked... does not seem to be redirecting! Thank you sir!
- November 13, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

Wow you are quick! Sorry I had not run the scan again as of your last post .... logfile is above
- November 13, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

OTL logfile created on: 11/12/2012 8:15:51 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop\Virus fixit folder 1 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.16% Memory free 16.05 Gb Paging File | 14.47 Gb Available in Paging File | 90.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.76 Gb Total Space | 174.70 Gb Free Space | 37.51% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Owner\Desktop\Virus fixit folder 1\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe () PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe () MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () ========== Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com) SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes\{2E2893F6-85C1-4EF5-8F15-43C0A0872A13}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0 FF - prefs.js..extensions.enabledAddons: esnipesnipeit@esnipe.com:1.1.11 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( ) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/09/17 16:45:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Owner\AppData\Roaming\Move Networks [2010/04/06 17:45:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M] [2008/02/06 09:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions [2012/11/12 20:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions [2012/09/04 22:18:05 | 000,040,385 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\esnipesnipeit@esnipe.com.xpi [2012/07/08 09:34:22 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012/11/12 20:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2009/08/05 01:37:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012/10/27 13:05:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/08/30 14:10:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/12 10:34:54 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/11/12 20:08:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F81E465-9F09-4A29-B3A2-3D807CA50C80}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/11/12 20:04:27 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/10 07:27:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Hero Lab [2012/11/10 07:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab [2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hero Lab [2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Lab [2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp [2012/11/08 15:54:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/11/08 14:38:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/08 14:38:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/08 14:38:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/08 14:31:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/08 14:31:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/08 14:26:38 | 004,998,107 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe [2012/11/08 14:20:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus fixit folder 1 [2012/11/07 03:02:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\JoAnne [2012/10/27 13:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMI Tools [2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMI Tools [2012/10/20 08:45:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/10/20 08:45:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/10/20 08:45:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/10/20 08:44:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/10/20 08:44:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/10/20 08:44:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/10/20 08:44:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/10/20 08:44:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/10/20 08:44:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/10/20 08:44:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/10/20 08:44:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/10/20 08:44:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/10/20 08:44:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/10/20 08:44:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/10/20 08:44:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/10/20 08:41:39 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/10/20 08:41:31 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/10/20 08:41:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/10/20 08:41:25 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/10/20 08:41:24 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012/10/20 08:41:23 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll [2012/10/20 08:40:12 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012/10/20 08:38:14 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/10/20 08:24:25 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012/10/20 08:24:25 | 000,072,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll [2012/10/20 08:24:24 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012/10/20 08:24:24 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012/10/20 08:24:24 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012/10/20 08:24:24 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012/10/20 08:24:24 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012/10/20 08:24:24 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012/10/20 08:24:24 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012/10/20 08:24:24 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012/10/20 08:24:24 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012/10/20 08:24:24 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012/10/20 08:24:24 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012/10/20 08:24:24 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012/10/20 08:24:24 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012/10/20 08:24:24 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012/10/20 08:24:23 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012/10/20 08:24:23 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012/10/20 08:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/10/20 08:20:07 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/10/20 08:19:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/10/20 08:19:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/10/20 08:19:37 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll ========== Files - Modified Within 30 Days ========== [2012/11/12 20:17:33 | 000,716,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/12 20:17:33 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/12 20:17:33 | 000,108,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/12 20:10:19 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/12 20:10:19 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/12 20:10:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/12 20:08:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/12 20:01:19 | 000,509,750 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/11/12 20:00:53 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/11/12 15:20:51 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\prvlcl.dat [2012/11/12 09:31:01 | 100,027,288 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/11/10 14:23:14 | 726,057,052 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/11/10 12:53:03 | 000,938,643 | ---- | M] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf [2012/11/10 07:32:07 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Hero Lab.lnk [2012/11/08 14:26:40 | 004,998,107 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe [2012/10/20 21:37:18 | 000,252,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/10/20 08:19:14 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/10/20 08:19:09 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/10/20 08:19:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/10/20 08:19:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/10/20 08:19:07 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll ========== Files Created - No Company Name ========== [2012/11/10 12:52:12 | 000,938,643 | ---- | C] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf [2012/11/10 07:27:37 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Hero Lab.lnk [2012/11/08 14:38:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/08 14:38:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/08 14:38:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/08 14:38:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/08 14:38:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/10/20 08:24:23 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2011/05/30 18:30:06 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll [2011/05/22 10:04:37 | 000,071,801 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\icarus-dxdiag.xml [2011/01/16 14:52:02 | 000,000,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\setup_ldm.iss [2009/09/16 22:07:51 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat [2009/09/06 22:35:26 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat [2009/08/08 09:48:45 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat [2009/08/01 23:30:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/01/26 06:11:21 | 000,002,188 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe [2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: SVCHOST.EXE > [2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache86\svchost.exe [2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe [2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\erdnt\cache64\svchost.exe [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe < MD5 for: USERINIT.EXE > [2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe [2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe [2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe [2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:679ABA25 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report >
- November 13, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

text file created at reboot: All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== Prefs.js: obmfbglyzf@obmfbglyzf.org:1.0 removed from extensions.enabledAddons C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\META-INF folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\chrome folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} folder moved successfully. C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully. C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully. C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP\WiseCustomCalla.dll deleted successfully. C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully. C:\Windows\msdownld.tmp folder deleted successfully. C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Owner\Desktop\Virus fixit folder 1\cmd.bat deleted successfully. C:\Users\Owner\Desktop\Virus fixit folder 1\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Owner ->Temp folder emptied: 2010096 bytes ->Temporary Internet Files folder emptied: 1882968 bytes ->Java cache emptied: 870934987 bytes ->FireFox cache emptied: 60246807 bytes ->Flash cache emptied: 1959399 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 630 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 894.00 mb File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 11122012_200427 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
- November 13, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

OTL Extras logfile created on: 11/11/2012 4:19:20 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.56% Memory free 16.21 Gb Paging File | 14.70 Gb Available in Paging File | 90.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.76 Gb Total Space | 177.29 Gb Free Space | 38.06% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 60 C1 09 74 52 18 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03D3C958-642A-4BD7-ACF4-7E1F3530FB48}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe | "{0CEF8B4D-8212-4C7C-AD1E-3A67B2EB37C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{17147296-F842-4106-AC6C-9AD21FDE14F0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{1F446AB0-ED47-42A6-A810-1E3035783EE7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{24D18A76-5C98-4DA5-83EC-89164FB033AF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{2BB5DC04-0FC3-4986-9AB0-725609DA6DED}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{2D548A03-0EEF-4E36-8F5C-4B49A69A71E5}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | "{316A39DB-DDA7-471E-A379-A0C861D09061}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | "{32FB7C1F-B004-4AA3-9617-3344FA91AAEC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3319F9FD-1AD5-4523-BC39-D76FC68BDF51}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{36F4635E-D371-450E-9309-56934E256F1A}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe | "{3B6DB452-03C1-4FBF-8246-F7149FEF91B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{3C8D7496-FE58-4BEE-BC71-14545D91C903}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{3CD6AFAF-1C63-43FC-99DE-7D78065A0B04}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{490779CA-0735-4CD2-8452-38918EDF54A6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{4918B8E4-489B-4D3E-BF68-C12135E0065C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{494EBC06-F779-4038-AE01-2235612A6402}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{50C90A7B-4A97-4EAB-8955-F29F2E877498}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{52BC804A-FE68-4B11-9896-2171F709269D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{53348AC4-D1D3-4182-95C4-26327D4B0221}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5458291F-91C7-41C7-B009-2A7F0699991C}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe | "{557769A8-6E34-4591-AEA1-FA9D0F764B00}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{57FE131C-502E-4496-AE13-097DD2A2D861}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "{59A18BA0-8F72-4627-96B6-678DB9C7F20C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{5BD43DDA-6DD8-4C8E-B41C-E9B44B5A1343}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{62863D68-C4F1-4DE6-B910-047F481BB27C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | "{63341B7A-D2D5-46F2-BB3A-C6D7AF6E467C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{63DBC8CB-A66E-46A6-8D4C-7ED4B1DD8387}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "{7332B69E-9704-43CA-93FF-1F2B843498D0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{758B40BF-FDCD-4F1B-A050-FDE4280BE7B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7E9BCA33-CBDF-4915-A363-B55CAC784439}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{7F5D0BBA-EB73-4FA2-9E5F-C3C55291CFE7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{82BBD297-ACC8-455C-B4CE-8F4312580BEA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{84E9BC3F-3815-48D0-B383-4C94D32943AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{87430AE1-18C4-42B1-847B-A3B1517AD8FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "{88351A79-079C-475D-B500-8C24F9444E53}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{88530B21-AD87-4F9C-A9C2-3F2FD6C73395}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\turbineinvoker.exe | "{8C7056D2-5444-4E50-B55C-38CAB5EA07E5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{8FE66B0C-4177-4210-BCC6-67D6973AD187}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | "{935FEAC6-D46B-4BC6-A048-EC2B552EC9A1}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | "{97C11290-9EF1-4A4D-99EA-C4A313B2EF36}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{988FC537-43A3-482D-BD65-0CD7F6C94A29}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{9A2AEDE3-2E06-4411-A664-ABAFEFC663D8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{9B3D4889-0F08-4EBE-9EA0-A9721ECC420E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{A1FC2FD5-9B62-4D22-8583-5F0712885E2A}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\overlord ii\overlord2.exe | "{A66B44DE-836F-4CC5-8A13-CDB2D3ECAAFC}" = protocol=6 | dir=in | app=c:\program files (x86)\hero lab\herolab.exe | "{A7057AA3-2556-4505-8D8D-34D4EE0C4021}" = protocol=17 | dir=in | app=c:\program files (x86)\hero lab\herolab.exe | "{AF1FD934-C247-4EEA-B7B4-52913B580D07}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe | "{B5300041-32E9-49DF-9A13-DE50E5415901}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{BC007471-680A-4D7D-A0CA-62680D52E0BF}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe | "{BE788664-E6C6-45D3-B8EC-2627196AA855}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | "{BEC85277-7BB7-4A01-8E43-30F3B494E445}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{C62ED905-F7A2-47B8-9820-FE2974273E3A}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\overlord ii\overlord2.exe | "{CE97E628-6DB4-4214-9F79-9A416A9B4E54}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | "{CFA4793E-754A-468C-B9C2-C13F5B723851}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{CFEDA699-641A-45FB-93EB-444DCF69D12F}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\turbineinvoker.exe | "{CFF12A65-F221-41E8-BAAC-EB5D259500AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D2885321-4C38-4395-825C-BF482298ED58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D64BB005-1584-4CD4-9A15-4FD614FCADF9}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{DBD4BFB3-54E2-4DF2-93AD-D939DBF3B769}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | "{E108DFF3-0522-43B3-8DA1-67DE9649CCB6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{E1180D9F-02D6-4B98-98AF-30BDA8031ED2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{E1F30509-0B8C-42E2-AD92-0B30D4DE0E93}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{E4B0180C-64A7-4317-A9BE-74AD277D9DAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{E9E8ED28-7136-44A1-A3AA-AA2C00DCD2D9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{F6B68A38-91AD-40C3-B351-BB11C4A6F9B5}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "TCP Query User{010AC8CC-A4E8-4E4E-8534-593984611BA1}C:\program files (x86)\funcom\age of conan\ageofconandx10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconandx10.exe | "TCP Query User{0EEDBDD5-7800-4E68-85BC-8FC711A589F1}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{1698627C-770B-441B-A24E-501392CE33AB}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | "TCP Query User{1B742ACF-CAF4-472E-AAC0-E7360C011D0D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{267FE803-CBE2-4563-BF4C-4BDE1E2C522C}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe | "TCP Query User{2E53F4A8-7430-4F5D-8E16-E6858F39F8C6}C:\users\owner\downloads\adventuretoolsdownloader.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\adventuretoolsdownloader.exe | "TCP Query User{3A52AC41-C9DD-42D3-86C5-146D5EF42EFA}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe | "TCP Query User{47B698FD-3C31-4B08-911F-58BD58152C4C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{4E30AC8B-82C6-4726-8C84-D749876840B7}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{5AFA499E-380B-4BB9-96A6-3BDEDC33D863}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "TCP Query User{8C886B8F-72B7-4819-A9C0-56FB73F773AC}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | "TCP Query User{9F56453B-B216-4588-8A08-45D8B635CF3F}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe | "TCP Query User{BA2B6C1F-137C-4098-89C9-203846FB985E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{F4217529-2D6C-4948-89DC-59E0CD6F5607}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{008E33B4-E705-41EC-9278-9CC0CEEF8C42}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{05B5186B-7677-443A-B30B-B395943763CA}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe | "UDP Query User{07324C8A-0756-4A90-A0B6-E714F893BC0C}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe | "UDP Query User{0EDC713C-2B26-4A4C-8A6C-650FB95795DC}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{2CD1E1B0-BCF2-4FFE-A1DB-C279AF6D2D95}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "UDP Query User{30F6ADA8-0844-4B2E-B472-6239CD19B347}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{49409D46-DF5C-4DF9-8DD5-2D6AAABA97C7}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe | "UDP Query User{49FFD0DF-A912-4479-88AE-C50C4F9240C8}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | "UDP Query User{5BED7501-3032-46A9-B242-3770540FE419}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | "UDP Query User{767FE51E-D5CD-4136-92D6-9EEC8BC586DE}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "UDP Query User{7EC54E45-2728-483F-B297-FCCA5EC848E9}C:\program files (x86)\funcom\age of conan\ageofconandx10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconandx10.exe | "UDP Query User{B632473F-6B81-41FF-910B-3DCFE100A157}C:\users\owner\downloads\adventuretoolsdownloader.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\adventuretoolsdownloader.exe | "UDP Query User{BE96268B-7082-4E7A-8F66-6080E9F9210B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{D5A66258-9091-4C7E-9295-9EC37E72ED51}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{122CFA16-E9CF-488D-9D4E-60D81F619724}" = AVG 2011 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416019FF}" = Java 6 Update 19 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{902DCF72-EB95-4154-A81B-81000969927E}" = AVG 2011 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2011 "HitmanPro36" = HitmanPro 3.6 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{25A13826-8E4A-4FBF-AD2B-776447FE9646}" = WMI Tools "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 23 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}" = Roleplaying City Map Generator 5.40 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder "{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1" = Hero Lab 4.1 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.116.12060 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87464284-11C8-4F83-88EC-E8013320B789}" = AOC UI Installer 3.1.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A4552E28-AF1D-4C3E-9991-8112F40265F4}" = Adventure Tools "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1 "{CDC7F188-3A08-45C3-8C3C-99BE32911949}" = Photo Transport "{CF566D77-F6F4-420C-91D5-3C4808547443}" = NWZ-S760 WALKMAN Guide "{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{E8A0BF78-AEC5-449A-A391-1B20535009D6}" = TableSmith "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.53 Free Edition "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.03.8013 "15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.03.800 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Age of Conan_is1" = Age of Conan - Hyborian Adventures "AutoHotkey" = AutoHotkey 1.1.02.02 "AutoREALM_is1" = AutoREALM Version 2.2.1 "BitTorrent" = BitTorrent "Campaign Cartographer 2" = Campaign Cartographer 2 "CCleaner" = CCleaner "ComcastHSI" = Comcast High-Speed Internet Install Wizard "CUZ4_is1" = CAM UnZip 4.42 "DCrafter3" = Dungeon Crafter III (remove only) "Diablo III" = Diablo III "Free RAR Extract Frog" = Free RAR Extract Frog "FrostWire 5" = FrostWire 5.1.3 "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "Steam App 72850" = The Elder Scrolls V: Skyrim "SystemRequirementsLab" = System Requirements Lab "Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning "WinPatrol" = WinPatrol 2009 "WinRAR archiver" = WinRAR 4.01 (32-bit) "Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.73 "Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14 "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CohMapPack" = VidiotMaps Map Overlay "Facebook Plug-In" = Facebook Plug-In "Move Media Player" = Move Media Player "NCsoft-CityOfHeroes" = City of Heroes ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/7/2012 9:36:42 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10 Description = Error - 11/8/2012 12:02:34 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10 Description = Error - 11/8/2012 3:19:50 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10 Description = Error - 11/8/2012 4:34:04 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10 Description = Error - 11/8/2012 4:55:15 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10 Description = Error - 11/9/2012 12:02:39 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10 Description = Error - 11/9/2012 6:38:46 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10 Description = Error - 11/10/2012 3:27:32 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10 Description = Error - 11/10/2012 3:54:05 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10 Description = Error - 11/10/2012 4:27:46 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 11/10/2012 3:54:26 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022 Description = Error - 11/10/2012 3:54:26 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/10/2012 4:22:31 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011 Description = Error - 11/10/2012 4:27:46 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/10/2012 6:28:57 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022 Description = Error - 11/10/2012 6:28:58 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/11/2012 1:38:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022 Description = Error - 11/11/2012 1:38:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/11/2012 11:13:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022 Description = Error - 11/11/2012 11:13:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >
- November 11, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

OTL logfile created on: 11/11/2012 4:19:19 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.56% Memory free 16.21 Gb Paging File | 14.70 Gb Available in Paging File | 90.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.76 Gb Total Space | 177.29 Gb Free Space | 38.06% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe () PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe () MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () ========== Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com) SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes\{2E2893F6-85C1-4EF5-8F15-43C0A0872A13}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: obmfbglyzf@obmfbglyzf.org:1.0 FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0 FF - prefs.js..extensions.enabledAddons: esnipesnipeit@esnipe.com:1.1.11 FF - prefs.js..extensions.enabledItems: esnipesnipeit@esnipe.com:1.1.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390 FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q=" FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( ) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/09/17 16:45:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Owner\AppData\Roaming\Move Networks [2010/04/06 17:45:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M] [2008/02/06 09:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions [2012/11/08 14:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions [2012/09/04 22:18:05 | 000,040,385 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\esnipesnipeit@esnipe.com.xpi [1621/06/23 19:13:39 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi [2012/07/08 09:34:22 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012/10/27 13:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/27 13:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2009/08/05 01:37:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012/10/27 13:05:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/08/30 14:10:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/12 10:34:54 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/11/08 15:54:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F81E465-9F09-4A29-B3A2-3D807CA50C80}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/11/11 16:16:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2012/11/10 07:27:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Hero Lab [2012/11/10 07:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab [2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hero Lab [2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Lab [2012/11/10 07:27:03 | 007,527,792 | ---- | C] (LWD Technology, Inc. ) -- C:\Users\Owner\Desktop\hl41_win_install.exe [2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp [2012/11/08 15:54:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/11/08 14:38:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/08 14:38:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/08 14:38:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/08 14:31:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/08 14:31:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/08 14:26:38 | 004,998,107 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe [2012/11/08 14:20:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus fixit folder 1 [2012/11/07 03:02:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\JoAnne [2012/10/27 13:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMI Tools [2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMI Tools [2012/10/20 08:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/11 16:16:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2012/11/11 16:11:40 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/11 16:11:40 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/11 10:19:06 | 000,716,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/11 10:19:06 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/11 10:19:06 | 000,108,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/11 10:11:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/11 08:48:09 | 099,955,732 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/11/10 21:20:53 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\prvlcl.dat [2012/11/10 15:32:51 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/11/10 14:23:14 | 726,057,052 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/11/10 12:53:03 | 000,938,643 | ---- | M] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf [2012/11/10 07:32:07 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Hero Lab.lnk [2012/11/10 07:27:10 | 007,527,792 | ---- | M] (LWD Technology, Inc. ) -- C:\Users\Owner\Desktop\hl41_win_install.exe [2012/11/08 15:54:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/08 14:26:40 | 004,998,107 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe [2012/10/26 17:05:39 | 000,508,551 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/10/20 21:37:18 | 000,252,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/10 12:52:12 | 000,938,643 | ---- | C] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf [2012/11/10 07:27:37 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Hero Lab.lnk [2012/11/08 14:38:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/08 14:38:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/08 14:38:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/08 14:38:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/08 14:38:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/10/20 08:24:23 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2011/05/30 18:30:06 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll [2011/05/22 10:04:37 | 000,071,801 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\icarus-dxdiag.xml [2011/01/16 14:52:02 | 000,000,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\setup_ldm.iss [2009/11/08 15:47:30 | 000,007,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/16 22:07:51 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat [2009/09/06 22:35:26 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat [2009/08/08 09:48:45 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat [2009/08/01 23:30:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/01/26 06:11:21 | 000,002,188 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll ========== LOP Check ========== [2009/08/10 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore [2011/01/28 20:36:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AdventureTools [2010/11/22 07:01:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10 [2012/02/08 21:43:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BigHugeEngine [2011/08/26 17:11:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent [2009/08/30 12:58:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blitware [2010/02/08 17:34:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook [2011/09/04 06:05:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\go [2012/08/23 06:57:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit [2011/01/16 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech [2009/10/16 10:02:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org [2012/02/08 21:09:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin [2011/02/15 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RIFT [2012/07/25 08:05:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony [2011/02/19 08:29:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab [2012/09/29 06:04:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp [2011/12/26 10:17:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software [2009/09/16 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Turbine [2012/01/05 19:55:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\wargaming.net [2009/08/10 22:44:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinPatrol [2012/08/18 11:15:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wise Registry Cleaner ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe [2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: SVCHOST.EXE > [2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache86\svchost.exe [2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe [2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\erdnt\cache64\svchost.exe [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe < MD5 for: USERINIT.EXE > [2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe [2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe [2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe [2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:679ABA25 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report >
- November 11, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

I am still getting redirected while using Mozilla
- November 11, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

FYi I clicked on adwcleaner.exe before disabling AVG. AVG recognized the program as a trojan virus?
- November 10, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

Hey Jeff.... I should have said this before --- Thank you for your help and efforts! I ran the delete : # AdwCleaner v2.007 - Logfile created 11/10/2012 at 15:21:21 # Updated 06/11/2012 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : Owner - OWNER-PC # Boot Mode : Normal # Running from : C:\Users\Owner\Desktop\Virus fixit folder 1\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Celebrity Toolbar Deleted on reboot : C:\ProgramData\Viewpoint Deleted on reboot : C:\Users\Owner\AppData\LocalLow\CouponAlert_2p ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C} Key Deleted : HKLM\Software\Viewpoint Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\prefs.js C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\user.js ... Deleted ! [OK] File is clean. ************************* AdwCleaner[R1].txt - [2142 octets] - [09/11/2012 19:05:08] AdwCleaner[R2].txt - [2202 octets] - [09/11/2012 19:06:43] AdwCleaner[R3].txt - [2283 octets] - [10/11/2012 15:21:06] AdwCleaner[s1].txt - [2253 octets] - [10/11/2012 15:21:21] ########## EOF - C:\AdwCleaner[s1].txt - [2313 octets] ##########
- November 10, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

# AdwCleaner v2.007 - Logfile created 11/09/2012 at 19:05:08 # Updated 06/11/2012 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : Owner - OWNER-PC # Boot Mode : Normal # Running from : C:\Users\Owner\Desktop\AdwCleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\Celebrity Toolbar Folder Found : C:\ProgramData\Viewpoint Folder Found : C:\Users\Owner\AppData\LocalLow\CouponAlert_2p ***** [Registry] ***** Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C} Key Found : HKLM\Software\Viewpoint Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556} Key Found : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [2015 octets] - [09/11/2012 19:05:08] ########## EOF - C:\AdwCleaner[R1].txt - [2075 octets] ##########
- November 10, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

waited 30+ min then closed program. rebooted. redisabled virus protection and rescanned w/ combofix ComboFix 12-11-08.01 - Owner 11/08/2012 15:42:06.2.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6351 [GMT -5:00] Running from: c:\users\Owner\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Owner\AppData\Local\assembly\tmp . ---- Previous Run ------- . c:\program files (x86)\CouponAlert_2pEI c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 ))))))))))))))))))))))))))))))) . . 2012-11-08 20:51 . 2012-11-08 20:54 -------- d-----w- c:\users\Owner\AppData\Local\temp 2012-11-08 20:51 . 2012-11-08 20:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-08 20:51 . 2012-11-08 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-21 12:13 . 2012-10-21 12:16 -------- d-----w- c:\program files (x86)\WMI Tools 2012-10-20 13:45 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-10-20 13:45 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-20 13:45 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-10-20 13:45 . 2012-08-24 11:23 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-10-20 13:45 . 2012-08-24 10:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-10-20 13:45 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll 2012-10-20 13:45 . 2012-08-24 06:48 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll 2012-10-20 13:45 . 2012-08-24 06:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-10-20 13:41 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-20 13:40 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll 2012-10-20 13:38 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-20 13:38 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll 2012-10-20 13:20 . 2012-10-20 13:20 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-20 13:19 . 2012-10-20 13:19 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-20 13:19 . 2010-04-21 02:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-02 22:21 . 2012-06-02 14:34 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-10-02 22:21 . 2012-06-02 14:34 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-10-02 22:21 . 2011-08-25 01:11 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-10-02 22:21 . 2011-08-25 00:28 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-10-02 22:21 . 2011-08-25 00:28 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2012-10-02 19:51 . 2011-03-20 21:33 3293544 ----a-w- c:\windows\system32\nvsvc64.dll 2012-10-02 19:51 . 2011-03-20 21:33 6200680 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 19:50 . 2011-07-20 16:45 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:50 . 2011-03-20 21:34 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:50 . 2011-03-20 21:34 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-10-02 19:50 . 2011-03-20 21:34 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-09-28 04:18 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe 2012-08-25 04:22 . 2012-08-25 04:13 205058 ----a-w- C:\MGlogs.zip . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-16 1196048] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11545192] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q= FF - prefs.js: network.proxy.type - 4 FF - user.js: yahoo.homepage.dontask - true FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - . SafeBoot-62719440.sys WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe c:\program files (x86)\AVG\AVG10\avgwdsvc.exe c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe c:\program files\Logitech\SetPoint\x86\SetPoint32.exe c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\program files (x86)\Internet Explorer\IELowutil.exe . ************************************************************************** . Completion time: 2012-11-08 16:00:36 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-08 21:00 . Pre-Run: 188,438,306,816 bytes free Post-Run: 188,307,345,408 bytes free . - - End Of File - - 0CB82BCC8B8B508E90F5970C05CA8A24
- November 8, 2012
- 26 replies
Infected by BT Scour... yay

misternil replied to misternil's topic in Resolved Malware Removal Logs

ran scan with Combofix Scanning for infected files . . . This typically doesn't take more than 10 minutes However, scan times for badly infected machines may easily double Completed Stage_1 Completed Stage_2 Completed Stage_3 Completed Stage_4 Completed Stage_5 Completed Stage_6 Completed Stage_6A Completed Stage_7 Completed Stage_8 Completed Stage_9 Completed Stage_10 Completed Stage_11 Completed Stage_12 Completed Stage_13 Completed Stage_14 Completed Stage_15 Completed Stage_16 Completed Stage_17 Completed Stage_18 Completed Stage_19 Completed Stage_19B Completed Stage_20 Completed Stage_21 Completed Stage_22 Completed Stage_23 Completed Stage_24 Completed Stage_25 Completed Stage_26 Completed Stage_27 Completed Stage_28 Completed Stage_29 Completed Stage_30 Completed Stage_31 Completed Stage_32 Completed Stage_32A Completed Stage_33 Completed Stage_34 Completed Stage_35 Completed Stage_36 Completed Stage_37 Completed Stage_38 Completed Stage_39 Completed Stage_40 Completed Stage_41 Completed Stage_42 Completed Stage_43 Completed Stage_44 Completed Stage_45 Completed Stage_46 Completed Stage_47 Completed Stage_48 Completed Stage_49 Completed Stage_50 Deleting Files: C:\Windows\SysWow64\URTTemp\regtlib.exe Deleting Folders: C:\Program Files (x86)\CouponAlert_2pEI C:\Windows\SysWow64\URTTemp Had flashing cursor at end --- did not generate txt file
- November 8, 2012
- 26 replies
Infected by BT Scour... yay

misternil posted a topic in Resolved Malware Removal Logs

Hiyas. I have tried several solutions online and to no effect. Here are the logs to start with as requested in a previous post Attach Nov 7.txt DDS Nov 7.txt aswMBR.txt
- November 7, 2012
- 26 replies

Sign In

misternil

Posts

Joined

Last visited

Reputation

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Infected by BT Scour... yay

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information