misternil
Posts: 15
Posts posted by misternil
-
Ran ESET before leaving for work. Son came home and saw notes on the comp (do not use). He says the comp had gone to BSOD, so he rebooted the comp and redid the scan but left "remove found threats" ticked. I do not know if he made sure the other 3 were ticked. The results are below. Should I redo the scan again?
Results:
C:\MGtools\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Users\Owner\Desktop\Download Dump\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Owner\Desktop\Download Dump\frostwire-5.1.3.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11122012_200427\C_Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi JS/Redirector.NCA trojan deleted - quarantined
MWB scan results (run before ESET)
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.14.04
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
11/14/2012 7:58:04 AM
mbam-log-2012-11-14 (07-58-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226188
Time elapsed: 3 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
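The four ESET detection lines in the post above, read the way a triage engineer would, as an added example that is not part of the original thread or of any ESET tooling: it parses ESET's one-line "path threat action - state" records and sorts each hit by what it means for the machine, separating a trojan that was already moved into a removal tool's backup folder (the `C:\_OTL\MovedFiles` path) from bundled installers sitting unrun in a download folder, and from a removal-kit utility flagged as riskware. The folder conventions (`C:\_OTL\MovedFiles`, `C:\Qoobox\Quarantine`, `C:\MGtools`, download-folder names) and the `Finding`, `classify`, `triage` and `needs_rescan` names are this example's own assumptions; the sample log text is the post's own four lines, embedded so the script runs offline.

```python
"""Triage ESET on-demand scan results pasted into a forum post.

Added example (not from the original thread): parses ESET's one-line
"path threat action - state" detection records and sorts them by what
they actually mean for the machine, so that a reader can tell a live
trojan from leftover quarantine residue or an unrun bundled installer.
The folder lists below are assumptions chosen for this post's paths.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the four detection lines from the ESET results in the post.
ESET_LOG = r"""
C:\MGtools\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Users\Owner\Desktop\Download Dump\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Owner\Desktop\Download Dump\frostwire-5.1.3.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11122012_200427\C_Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi JS/Redirector.NCA trojan deleted - quarantined
"""

# One ESET record: <path> <threat name> <action taken> - <final state>.
# The path may contain spaces, so it is matched lazily and the threat name is
# anchored on ESET's "Family/Variant" token (optionally prefixed "a variant of").
RECORD_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\S)\s+"
    r"(?P<threat>(?:a variant of )?\S+/\S+"
    r"(?: (?:application|potentially unwanted application|trojan|worm|virus))?)\s+"
    r"(?P<action>.+?)\s+-\s+(?P<state>[^-]+?)\s*$"
)

# Assumed folder conventions (not stated in the thread):
# - OTL and ComboFix move removed items into these backup folders, so a hit
#   there is residue of an earlier cleanup, not something still in place.
BACKUP_PREFIXES = (r"c:\_otl\movedfiles", r"c:\qoobox\quarantine")
# - MGtools is a removal kit; AV engines commonly flag its bundled process
#   viewer as riskware, so a hit there should be verified, not assumed hostile.
TOOLKIT_PREFIXES = (r"c:\mgtools",)
# - Installers sitting in a download folder are inert until executed.
DOWNLOAD_HINTS = ("\\downloads\\", "\\download dump\\")


@dataclass
class Finding:
    path: str
    threat: str
    action: str
    state: str
    kind: str      # "malware" | "pua" | "unknown"
    context: str   # "live" | "tool-backup" | "removal-tool" | "downloaded-installer"


def classify(path: str, threat: str) -> tuple[str, str]:
    """Map ESET's threat wording and the file location to (kind, context)."""
    t = threat.lower()
    if any(w in t for w in ("trojan", "worm", "virus")):
        kind = "malware"
    elif "application" in t or "potentially unwanted" in t:
        kind = "pua"           # adware/bundler/riskware, not a backdoor
    else:
        kind = "unknown"

    p = path.lower()
    if p.startswith(BACKUP_PREFIXES):
        context = "tool-backup"
    elif p.startswith(TOOLKIT_PREFIXES):
        context = "removal-tool"
    elif any(h in p for h in DOWNLOAD_HINTS):
        context = "downloaded-installer"
    else:
        context = "live"
    return kind, context


def triage(log_text: str) -> list[Finding]:
    """Parse every detection record in the pasted log; non-record lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        kind, context = classify(m["path"], m["threat"])
        findings.append(Finding(m["path"], m["threat"], m["action"], m["state"], kind, context))
    return findings


def needs_rescan(findings: list[Finding]) -> bool:
    """True only when malware was found somewhere it could still execute from."""
    return any(f.kind == "malware" and f.context == "live" for f in findings)


if __name__ == "__main__":
    results = triage(ESET_LOG)
    for f in results:
        print(f"{f.kind:8} {f.context:21} {f.threat:45} {f.path}")
    print("rescan advised:", needs_rescan(results))
```

Run as-is it lists the four hits and reports that none of them is malware in a live location: the only trojan-class item is the redirector extension, and its path shows it was already moved out of the Firefox profile by OTL before ESET ran. The same parser accepts any other ESET results text, so a live hit under `C:\Windows` would flip `needs_rescan` to true.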
-
Just checked... does not seem to be redirecting!
Thank you sir!
-
Wow, you are quick!
Sorry, I had not run the scan again as of your last post. The logfile is above.
-
OTL logfile created on: 11/12/2012 8:15:51 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop\Virus fixit folder 1
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.16% Memory free
16.05 Gb Paging File | 14.47 Gb Available in Paging File | 90.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 174.70 Gb Free Space | 37.51% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Owner\Desktop\Virus fixit folder 1\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
========== Services (SafeList) ==========
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes\{2E2893F6-85C1-4EF5-8F15-43C0A0872A13}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\..\SearchScopes,DefaultScope =
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0
FF - prefs.js..extensions.enabledAddons: esnipesnipeit@esnipe.com:1.1.11
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/09/17 16:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Owner\AppData\Roaming\Move Networks [2010/04/06 17:45:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M]
[2008/02/06 09:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/11/12 20:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions
[2012/09/04 22:18:05 | 000,040,385 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\esnipesnipeit@esnipe.com.xpi
[2012/07/08 09:34:22 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2012/11/12 20:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/08/05 01:37:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/10/27 13:05:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 14:10:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 10:34:54 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/11/12 20:08:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F81E465-9F09-4A29-B3A2-3D807CA50C80}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/11/12 20:04:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/10 07:27:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Hero Lab
[2012/11/10 07:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab
[2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hero Lab
[2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Lab
[2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/11/08 15:54:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/08 14:38:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/08 14:38:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/08 14:38:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/08 14:31:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/08 14:31:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/08 14:26:38 | 004,998,107 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/11/08 14:20:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus fixit folder 1
[2012/11/07 03:02:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\JoAnne
[2012/10/27 13:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMI Tools
[2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMI Tools
[2012/10/20 08:45:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/10/20 08:45:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/10/20 08:45:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/10/20 08:44:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/10/20 08:44:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/10/20 08:44:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/10/20 08:44:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/10/20 08:44:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/10/20 08:44:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/10/20 08:44:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/10/20 08:44:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/10/20 08:44:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/10/20 08:44:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/10/20 08:44:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/10/20 08:44:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/10/20 08:41:39 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/10/20 08:41:31 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/20 08:41:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/20 08:41:25 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/20 08:41:24 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/10/20 08:41:23 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/10/20 08:40:12 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/10/20 08:38:14 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/20 08:24:25 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/10/20 08:24:25 | 000,072,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll
[2012/10/20 08:24:24 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/10/20 08:24:24 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/10/20 08:24:24 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/10/20 08:24:24 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/10/20 08:24:24 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/10/20 08:24:24 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/10/20 08:24:24 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/10/20 08:24:24 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012/10/20 08:24:24 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012/10/20 08:24:24 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/10/20 08:24:24 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/10/20 08:24:24 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/10/20 08:24:24 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012/10/20 08:24:24 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/10/20 08:24:23 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/10/20 08:24:23 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/10/20 08:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/20 08:20:07 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/20 08:19:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/20 08:19:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/20 08:19:37 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
========== Files - Modified Within 30 Days ==========
[2012/11/12 20:17:33 | 000,716,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/12 20:17:33 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/12 20:17:33 | 000,108,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/12 20:10:19 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/12 20:10:19 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/12 20:10:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/12 20:08:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/12 20:01:19 | 000,509,750 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/11/12 20:00:53 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/12 15:20:51 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2012/11/12 09:31:01 | 100,027,288 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/11/10 14:23:14 | 726,057,052 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/10 12:53:03 | 000,938,643 | ---- | M] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf
[2012/11/10 07:32:07 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Hero Lab.lnk
[2012/11/08 14:26:40 | 004,998,107 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/10/20 21:37:18 | 000,252,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/20 08:19:14 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/20 08:19:09 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/20 08:19:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/20 08:19:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/20 08:19:07 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
========== Files Created - No Company Name ==========
[2012/11/10 12:52:12 | 000,938,643 | ---- | C] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf
[2012/11/10 07:27:37 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Hero Lab.lnk
[2012/11/08 14:38:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/08 14:38:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/08 14:38:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/08 14:38:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/08 14:38:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/20 08:24:23 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/05/30 18:30:06 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011/05/22 10:04:37 | 000,071,801 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\icarus-dxdiag.xml
[2011/01/16 14:52:02 | 000,000,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\setup_ldm.iss
[2009/09/16 22:07:51 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2009/09/06 22:35:26 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/08/08 09:48:45 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2009/08/01 23:30:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/01/26 06:11:21 | 000,002,188 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
========== Custom Scans ==========
< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe
[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache86\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\erdnt\cache64\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:679ABA25
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
-
Text file created at reboot:
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: obmfbglyzf@obmfbglyzf.org:1.0 removed from extensions.enabledAddons
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\META-INF folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} folder moved successfully.
C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.
C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\Virus fixit folder 1\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\Virus fixit folder 1\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
->Temp folder emptied: 2010096 bytes
->Temporary Internet Files folder emptied: 1882968 bytes
->Java cache emptied: 870934987 bytes
->FireFox cache emptied: 60246807 bytes
->Flash cache emptied: 1959399 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 894.00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 11122012_200427
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
OTL Extras logfile created on: 11/11/2012 4:19:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.56% Memory free
16.21 Gb Paging File | 14.70 Gb Available in Paging File | 90.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 177.29 Gb Free Space | 38.06% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 60 C1 09 74 52 18 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D3C958-642A-4BD7-ACF4-7E1F3530FB48}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{0CEF8B4D-8212-4C7C-AD1E-3A67B2EB37C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{17147296-F842-4106-AC6C-9AD21FDE14F0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{1F446AB0-ED47-42A6-A810-1E3035783EE7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{24D18A76-5C98-4DA5-83EC-89164FB033AF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{2BB5DC04-0FC3-4986-9AB0-725609DA6DED}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{2D548A03-0EEF-4E36-8F5C-4B49A69A71E5}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"{316A39DB-DDA7-471E-A379-A0C861D09061}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{32FB7C1F-B004-4AA3-9617-3344FA91AAEC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3319F9FD-1AD5-4523-BC39-D76FC68BDF51}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{36F4635E-D371-450E-9309-56934E256F1A}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{3B6DB452-03C1-4FBF-8246-F7149FEF91B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3C8D7496-FE58-4BEE-BC71-14545D91C903}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{3CD6AFAF-1C63-43FC-99DE-7D78065A0B04}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{490779CA-0735-4CD2-8452-38918EDF54A6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{4918B8E4-489B-4D3E-BF68-C12135E0065C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{494EBC06-F779-4038-AE01-2235612A6402}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{50C90A7B-4A97-4EAB-8955-F29F2E877498}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{52BC804A-FE68-4B11-9896-2171F709269D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{53348AC4-D1D3-4182-95C4-26327D4B0221}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5458291F-91C7-41C7-B009-2A7F0699991C}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{557769A8-6E34-4591-AEA1-FA9D0F764B00}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{57FE131C-502E-4496-AE13-097DD2A2D861}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{59A18BA0-8F72-4627-96B6-678DB9C7F20C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5BD43DDA-6DD8-4C8E-B41C-E9B44B5A1343}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{62863D68-C4F1-4DE6-B910-047F481BB27C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{63341B7A-D2D5-46F2-BB3A-C6D7AF6E467C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{63DBC8CB-A66E-46A6-8D4C-7ED4B1DD8387}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{7332B69E-9704-43CA-93FF-1F2B843498D0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{758B40BF-FDCD-4F1B-A050-FDE4280BE7B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7E9BCA33-CBDF-4915-A363-B55CAC784439}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{7F5D0BBA-EB73-4FA2-9E5F-C3C55291CFE7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{82BBD297-ACC8-455C-B4CE-8F4312580BEA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{84E9BC3F-3815-48D0-B383-4C94D32943AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{87430AE1-18C4-42B1-847B-A3B1517AD8FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{88351A79-079C-475D-B500-8C24F9444E53}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{88530B21-AD87-4F9C-A9C2-3F2FD6C73395}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\turbineinvoker.exe |
"{8C7056D2-5444-4E50-B55C-38CAB5EA07E5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{8FE66B0C-4177-4210-BCC6-67D6973AD187}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{935FEAC6-D46B-4BC6-A048-EC2B552EC9A1}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{97C11290-9EF1-4A4D-99EA-C4A313B2EF36}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{988FC537-43A3-482D-BD65-0CD7F6C94A29}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{9A2AEDE3-2E06-4411-A664-ABAFEFC663D8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{9B3D4889-0F08-4EBE-9EA0-A9721ECC420E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A1FC2FD5-9B62-4D22-8583-5F0712885E2A}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\overlord ii\overlord2.exe |
"{A66B44DE-836F-4CC5-8A13-CDB2D3ECAAFC}" = protocol=6 | dir=in | app=c:\program files (x86)\hero lab\herolab.exe |
"{A7057AA3-2556-4505-8D8D-34D4EE0C4021}" = protocol=17 | dir=in | app=c:\program files (x86)\hero lab\herolab.exe |
"{AF1FD934-C247-4EEA-B7B4-52913B580D07}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{B5300041-32E9-49DF-9A13-DE50E5415901}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{BC007471-680A-4D7D-A0CA-62680D52E0BF}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{BE788664-E6C6-45D3-B8EC-2627196AA855}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"{BEC85277-7BB7-4A01-8E43-30F3B494E445}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{C62ED905-F7A2-47B8-9820-FE2974273E3A}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\overlord ii\overlord2.exe |
"{CE97E628-6DB4-4214-9F79-9A416A9B4E54}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{CFA4793E-754A-468C-B9C2-C13F5B723851}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{CFEDA699-641A-45FB-93EB-444DCF69D12F}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\turbineinvoker.exe |
"{CFF12A65-F221-41E8-BAAC-EB5D259500AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D2885321-4C38-4395-825C-BF482298ED58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D64BB005-1584-4CD4-9A15-4FD614FCADF9}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DBD4BFB3-54E2-4DF2-93AD-D939DBF3B769}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{E108DFF3-0522-43B3-8DA1-67DE9649CCB6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{E1180D9F-02D6-4B98-98AF-30BDA8031ED2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{E1F30509-0B8C-42E2-AD92-0B30D4DE0E93}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{E4B0180C-64A7-4317-A9BE-74AD277D9DAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E9E8ED28-7136-44A1-A3AA-AA2C00DCD2D9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{F6B68A38-91AD-40C3-B351-BB11C4A6F9B5}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"TCP Query User{010AC8CC-A4E8-4E4E-8534-593984611BA1}C:\program files (x86)\funcom\age of conan\ageofconandx10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconandx10.exe |
"TCP Query User{0EEDBDD5-7800-4E68-85BC-8FC711A589F1}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{1698627C-770B-441B-A24E-501392CE33AB}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"TCP Query User{1B742ACF-CAF4-472E-AAC0-E7360C011D0D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{267FE803-CBE2-4563-BF4C-4BDE1E2C522C}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"TCP Query User{2E53F4A8-7430-4F5D-8E16-E6858F39F8C6}C:\users\owner\downloads\adventuretoolsdownloader.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\adventuretoolsdownloader.exe |
"TCP Query User{3A52AC41-C9DD-42D3-86C5-146D5EF42EFA}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"TCP Query User{47B698FD-3C31-4B08-911F-58BD58152C4C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{4E30AC8B-82C6-4726-8C84-D749876840B7}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{5AFA499E-380B-4BB9-96A6-3BDEDC33D863}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"TCP Query User{8C886B8F-72B7-4819-A9C0-56FB73F773AC}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"TCP Query User{9F56453B-B216-4588-8A08-45D8B635CF3F}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{BA2B6C1F-137C-4098-89C9-203846FB985E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{F4217529-2D6C-4948-89DC-59E0CD6F5607}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{008E33B4-E705-41EC-9278-9CC0CEEF8C42}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{05B5186B-7677-443A-B30B-B395943763CA}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{07324C8A-0756-4A90-A0B6-E714F893BC0C}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"UDP Query User{0EDC713C-2B26-4A4C-8A6C-650FB95795DC}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{2CD1E1B0-BCF2-4FFE-A1DB-C279AF6D2D95}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{30F6ADA8-0844-4B2E-B472-6239CD19B347}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{49409D46-DF5C-4DF9-8DD5-2D6AAABA97C7}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{49FFD0DF-A912-4479-88AE-C50C4F9240C8}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"UDP Query User{5BED7501-3032-46A9-B242-3770540FE419}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"UDP Query User{767FE51E-D5CD-4136-92D6-9EEC8BC586DE}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"UDP Query User{7EC54E45-2728-483F-B297-FCCA5EC848E9}C:\program files (x86)\funcom\age of conan\ageofconandx10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconandx10.exe |
"UDP Query User{B632473F-6B81-41FF-910B-3DCFE100A157}C:\users\owner\downloads\adventuretoolsdownloader.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\adventuretoolsdownloader.exe |
"UDP Query User{BE96268B-7082-4E7A-8F66-6080E9F9210B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{D5A66258-9091-4C7E-9295-9EC37E72ED51}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{122CFA16-E9CF-488D-9D4E-60D81F619724}" = AVG 2011
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416019FF}" = Java 6 Update 19 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{902DCF72-EB95-4154-A81B-81000969927E}" = AVG 2011
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"HitmanPro36" = HitmanPro 3.6
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{25A13826-8E4A-4FBF-AD2B-776447FE9646}" = WMI Tools
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}" = Roleplaying City Map Generator 5.40
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1" = Hero Lab 4.1
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.116.12060
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87464284-11C8-4F83-88EC-E8013320B789}" = AOC UI Installer 3.1.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A4552E28-AF1D-4C3E-9991-8112F40265F4}" = Adventure Tools
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDC7F188-3A08-45C3-8C3C-99BE32911949}" = Photo Transport
"{CF566D77-F6F4-420C-91D5-3C4808547443}" = NWZ-S760 WALKMAN Guide
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E8A0BF78-AEC5-449A-A391-1B20535009D6}" = TableSmith
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.53 Free Edition
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.03.8013
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.03.800
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"AutoHotkey" = AutoHotkey 1.1.02.02
"AutoREALM_is1" = AutoREALM Version 2.2.1
"BitTorrent" = BitTorrent
"Campaign Cartographer 2" = Campaign Cartographer 2
"CCleaner" = CCleaner
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CUZ4_is1" = CAM UnZip 4.42
"DCrafter3" = Dungeon Crafter III (remove only)
"Diablo III" = Diablo III
"Free RAR Extract Frog" = Free RAR Extract Frog
"FrostWire 5" = FrostWire 5.1.3
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SystemRequirementsLab" = System Requirements Lab
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.73
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
"World of Warcraft" = World of Warcraft
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CohMapPack" = VidiotMaps Map Overlay
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"NCsoft-CityOfHeroes" = City of Heroes
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/7/2012 9:36:42 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/8/2012 12:02:34 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/8/2012 3:19:50 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/8/2012 4:34:04 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/8/2012 4:55:15 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/9/2012 12:02:39 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/9/2012 6:38:46 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/10/2012 3:27:32 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/10/2012 3:54:05 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/10/2012 4:27:46 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 11/10/2012 3:54:26 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 11/10/2012 3:54:26 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11/10/2012 4:22:31 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 11/10/2012 4:27:46 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11/10/2012 6:28:57 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 11/10/2012 6:28:58 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11/11/2012 1:38:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 11/11/2012 1:38:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11/11/2012 11:13:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 11/11/2012 11:13:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
-
OTL logfile created on: 11/11/2012 4:19:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.56% Memory free
16.21 Gb Paging File | 14.70 Gb Available in Paging File | 90.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 177.29 Gb Free Space | 38.06% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
========== Services (SafeList) ==========
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes\{2E2893F6-85C1-4EF5-8F15-43C0A0872A13}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\..\SearchScopes,DefaultScope =
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: obmfbglyzf@obmfbglyzf.org:1.0
FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0
FF - prefs.js..extensions.enabledAddons: esnipesnipeit@esnipe.com:1.1.11
FF - prefs.js..extensions.enabledItems: esnipesnipeit@esnipe.com:1.1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/09/17 16:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Owner\AppData\Roaming\Move Networks [2010/04/06 17:45:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M]
[2008/02/06 09:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/11/08 14:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions
[2012/09/04 22:18:05 | 000,040,385 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\esnipesnipeit@esnipe.com.xpi
[1621/06/23 19:13:39 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi
[2012/07/08 09:34:22 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2012/10/27 13:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 13:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2009/08/05 01:37:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/10/27 13:05:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 14:10:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 10:34:54 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/11/08 15:54:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F81E465-9F09-4A29-B3A2-3D807CA50C80}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/11/11 16:16:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/11/10 07:27:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Hero Lab
[2012/11/10 07:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab
[2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hero Lab
[2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Lab
[2012/11/10 07:27:03 | 007,527,792 | ---- | C] (LWD Technology, Inc. ) -- C:\Users\Owner\Desktop\hl41_win_install.exe
[2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/11/08 15:54:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/08 14:38:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/08 14:38:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/08 14:38:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/08 14:31:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/08 14:31:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/08 14:26:38 | 004,998,107 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/11/08 14:20:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus fixit folder 1
[2012/11/07 03:02:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\JoAnne
[2012/10/27 13:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMI Tools
[2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMI Tools
[2012/10/20 08:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/11/11 16:16:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/11/11 16:11:40 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 16:11:40 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 10:19:06 | 000,716,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/11 10:19:06 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/11 10:19:06 | 000,108,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/11 10:11:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/11 08:48:09 | 099,955,732 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/11/10 21:20:53 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2012/11/10 15:32:51 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/10 14:23:14 | 726,057,052 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/10 12:53:03 | 000,938,643 | ---- | M] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf
[2012/11/10 07:32:07 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Hero Lab.lnk
[2012/11/10 07:27:10 | 007,527,792 | ---- | M] (LWD Technology, Inc. ) -- C:\Users\Owner\Desktop\hl41_win_install.exe
[2012/11/08 15:54:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/08 14:26:40 | 004,998,107 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/10/26 17:05:39 | 000,508,551 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/10/20 21:37:18 | 000,252,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/11/10 12:52:12 | 000,938,643 | ---- | C] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf
[2012/11/10 07:27:37 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Hero Lab.lnk
[2012/11/08 14:38:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/08 14:38:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/08 14:38:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/08 14:38:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/08 14:38:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/20 08:24:23 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/05/30 18:30:06 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011/05/22 10:04:37 | 000,071,801 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\icarus-dxdiag.xml
[2011/01/16 14:52:02 | 000,000,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\setup_ldm.iss
[2009/11/08 15:47:30 | 000,007,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/16 22:07:51 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2009/09/06 22:35:26 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/08/08 09:48:45 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2009/08/01 23:30:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/01/26 06:11:21 | 000,002,188 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
========== LOP Check ==========
[2009/08/10 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2011/01/28 20:36:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AdventureTools
[2010/11/22 07:01:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
[2012/02/08 21:43:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BigHugeEngine
[2011/08/26 17:11:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
[2009/08/30 12:58:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blitware
[2010/02/08 17:34:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2011/09/04 06:05:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\go
[2012/08/23 06:57:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
[2011/01/16 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2009/10/16 10:02:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/02/08 21:09:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
[2011/02/15 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RIFT
[2012/07/25 08:05:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony
[2011/02/19 08:29:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2012/09/29 06:04:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
[2011/12/26 10:17:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2009/09/16 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Turbine
[2012/01/05 19:55:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\wargaming.net
[2009/08/10 22:44:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinPatrol
[2012/08/18 11:15:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wise Registry Cleaner
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe
[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache86\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\erdnt\cache64\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:679ABA25
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
-
I am still getting redirected while using Mozilla
-
FYI, I clicked on adwcleaner.exe before disabling AVG. AVG recognized the program as a trojan virus?
-
Hey Jeff... I should have said this before: thank you for your help and efforts!
I ran the delete:
# AdwCleaner v2.007 - Logfile created 11/10/2012 at 15:21:21
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\Virus fixit folder 1\AdwCleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Celebrity Toolbar
Deleted on reboot : C:\ProgramData\Viewpoint
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\CouponAlert_2p
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\prefs.js
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\user.js ... Deleted !
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2142 octets] - [09/11/2012 19:05:08]
AdwCleaner[R2].txt - [2202 octets] - [09/11/2012 19:06:43]
AdwCleaner[R3].txt - [2283 octets] - [10/11/2012 15:21:06]
AdwCleaner[s1].txt - [2253 octets] - [10/11/2012 15:21:21]
########## EOF - C:\AdwCleaner[s1].txt - [2313 octets] ##########
-
# AdwCleaner v2.007 - Logfile created 11/09/2012 at 19:05:08
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\Celebrity Toolbar
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Owner\AppData\LocalLow\CouponAlert_2p
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Found : HKLM\Software\Viewpoint
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2015 octets] - [09/11/2012 19:05:08]
########## EOF - C:\AdwCleaner[R1].txt - [2075 octets] ##########
-
Waited 30+ min, then closed the program. Rebooted. Re-disabled virus protection and rescanned with ComboFix.
ComboFix 12-11-08.01 - Owner 11/08/2012 15:42:06.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6351 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\assembly\tmp
.
---- Previous Run -------
.
c:\program files (x86)\CouponAlert_2pEI
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))
.
.
2012-11-08 20:51 . 2012-11-08 20:54 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-11-08 20:51 . 2012-11-08 20:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-08 20:51 . 2012-11-08 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-21 12:13 . 2012-10-21 12:16 -------- d-----w- c:\program files (x86)\WMI Tools
2012-10-20 13:45 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-10-20 13:45 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-20 13:45 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-10-20 13:45 . 2012-08-24 11:23 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-10-20 13:45 . 2012-08-24 10:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-10-20 13:45 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-10-20 13:45 . 2012-08-24 06:48 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-10-20 13:45 . 2012-08-24 06:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-10-20 13:41 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-20 13:40 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-10-20 13:38 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-20 13:38 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-10-20 13:20 . 2012-10-20 13:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-20 13:19 . 2012-10-20 13:19 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-20 13:19 . 2010-04-21 02:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-02 22:21 . 2012-06-02 14:34 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2012-06-02 14:34 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-02 22:21 . 2011-08-25 01:11 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2011-08-25 00:28 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2011-08-25 00:28 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 19:51 . 2011-03-20 21:33 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-03-20 21:33 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-07-20 16:45 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-03-20 21:34 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-03-20 21:34 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-03-20 21:34 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-28 04:18 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-08-25 04:22 . 2012-08-25 04:13 205058 ----a-w- C:\MGlogs.zip
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-16 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11545192]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-62719440.sys
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-11-08 16:00:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-08 21:00
.
Pre-Run: 188,438,306,816 bytes free
Post-Run: 188,307,345,408 bytes free
.
- - End Of File - - 0CB82BCC8B8B508E90F5970C05CA8A24
-
Ran scan with ComboFix
Scanning for infected files . . .
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double
Completed Stage_1
Completed Stage_2
Completed Stage_3
Completed Stage_4
Completed Stage_5
Completed Stage_6
Completed Stage_6A
Completed Stage_7
Completed Stage_8
Completed Stage_9
Completed Stage_10
Completed Stage_11
Completed Stage_12
Completed Stage_13
Completed Stage_14
Completed Stage_15
Completed Stage_16
Completed Stage_17
Completed Stage_18
Completed Stage_19
Completed Stage_19B
Completed Stage_20
Completed Stage_21
Completed Stage_22
Completed Stage_23
Completed Stage_24
Completed Stage_25
Completed Stage_26
Completed Stage_27
Completed Stage_28
Completed Stage_29
Completed Stage_30
Completed Stage_31
Completed Stage_32
Completed Stage_32A
Completed Stage_33
Completed Stage_34
Completed Stage_35
Completed Stage_36
Completed Stage_37
Completed Stage_38
Completed Stage_39
Completed Stage_40
Completed Stage_41
Completed Stage_42
Completed Stage_43
Completed Stage_44
Completed Stage_45
Completed Stage_46
Completed Stage_47
Completed Stage_48
Completed Stage_49
Completed Stage_50
Deleting Files:
C:\Windows\SysWow64\URTTemp\regtlib.exe
Deleting Folders:
C:\Program Files (x86)\CouponAlert_2pEI
C:\Windows\SysWow64\URTTemp
Had a flashing cursor at the end --- it did not generate a txt file
-
Hiyas. I have tried several solutions online, to no effect. Here are the logs to start with, as requested in a previous post.
Infected by BT Scour... yay
in Resolved Malware Removal Logs
Posted
I do not seem to be getting the redirects. I will keep an eye out and see if they reoccur (I thought I had cleaned this out previously but it came back)... Thank you very much!