Deep Examination

Greetings,

I was redirected here by Advanced Setup after he concluded, based on the symptoms exhibited here, that I might have an infection of some kind on my hands.

No infected files were found by M-bam's quick scan and my avast scan also found no viruses.

The M-bam log has been placed below.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4294

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

7/9/2010 12:55:03 AM

mbam-log-2010-07-09 (00-55-03).txt

Scan type: Quick scan

Objects scanned: 156672

Time elapsed: 10 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log


Greetings Once More,

I have both Old Timer logs as listed below. I noticed a strange hiccup in my machine when moving OTL to the desktop from the default folder all my downloads go to (Username/Downloads). I got an error message saying "Explorer.EXE has encountered a problem and needs to close." but when I clicked cancel explorer.exe kept running anyway.

OTL ran without a hitch, but when running GMER an issue occurred. I had disconnected from the internet, closed all programs, and deactivated avast's on-access shields when I attempted to run GMER, and it began without any problems. It didn't even give me any warnings about something in memory being infected. However, when it got some way into the scan it died. I've attached a print screen of the event in question.

(Sidenote: I'm aware of the risks of using P2P programs and have uninstalled Bittorrent, what you see in the print screen is a remnant file that I evidently missed.)

(ADDENDUM: I had originally intended to display both of the OTL text files below, but unfortunately it seems as if the posting capacity would thus be exceeded were I to try, so I shall present them both in their respective order.)

OTL

OTL logfile created on: 7/9/2010 4:20:19 AM - Run 2

OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\Trav\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 231.42 Gb Total Space | 61.37 Gb Free Space | 26.52% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 550.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PORTAL

Current User Name: Trav

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/09 04:12:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Trav\Desktop\OTL.exe

PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/06/04 12:15:16 | 002,387,768 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe

PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/03/25 20:19:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

PRC - [2009/11/23 15:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe

PRC - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe

PRC - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe

PRC - [2009/11/23 15:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe

PRC - [2009/06/22 12:28:56 | 000,335,872 | ---- | M] (Dura Micro, Inc) -- C:\Program Files\AutoTask\AutoTask.exe

PRC - [2009/04/11 01:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe

PRC - [2009/04/11 01:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2009/04/09 03:48:00 | 000,208,328 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

PRC - [2009/04/01 18:11:06 | 001,283,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

PRC - [2009/04/01 18:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008/07/10 20:35:30 | 000,188,416 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

PRC - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

PRC - [2008/07/10 19:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

PRC - [2008/04/30 21:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2008/04/30 21:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

PRC - [2008/04/24 15:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

PRC - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/03/19 15:35:44 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

PRC - [2008/02/06 15:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

PRC - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

PRC - [2008/01/20 21:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

PRC - [2007/12/13 21:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

PRC - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe

PRC - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2007/09/28 18:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

PRC - [2007/06/15 23:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe

PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe

PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2010/07/09 04:12:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Trav\Desktop\OTL.exe

MOD - [2009/08/30 09:04:04 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

MOD - [2009/04/11 01:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll

MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2010/07/02 21:27:27 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/26 15:14:04 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)

SRV - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)

SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/04/01 18:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/07/10 19:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2008/04/30 21:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/04/30 21:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)

SRV - [2008/04/11 13:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Trav\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/06/28 15:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/04/13 08:50:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/03/04 13:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/02/26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010/02/26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2009/10/21 03:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)

DRV - [2009/08/30 09:04:04 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/30 09:04:04 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/08/27 15:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV - [2009/08/18 18:50:50 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/07/09 09:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)

DRV - [2009/05/20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)

DRV - [2009/05/01 08:13:33 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/07/20 19:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2008/07/15 21:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2008/06/12 20:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2008/04/28 08:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®

DRV - [2008/04/09 20:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/02/15 20:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/07/30 13:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 12:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/04/30 06:11:04 | 000,004,224 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\REFILERW.SYS -- (REFILERW)

DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)

DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)

DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/10/23 18:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 51 83 BE FC 1E CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/WORLD/"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: overbiteff@floodgap.com:1.1.1424

FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.5

FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.14908

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/02/17 14:36:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/25 20:21:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/05 21:12:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/05 21:12:45 | 000,000,000 | ---D | M]

[2009/03/31 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Trav\AppData\Roaming\Mozilla\Extensions

[2010/07/09 01:04:48 | 000,000,000 | ---D | M] -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\extensions

[2010/06/27 00:37:36 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(156)

[2010/05/28 23:48:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/28 23:48:11 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2010/03/15 18:33:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/05/28 23:48:13 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}

[2010/05/28 23:48:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/01/17 17:00:17 | 000,000,000 | ---D | M] -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\extensions\lookingforgroupboom@lookingforgroup.com

[2010/01/17 20:42:06 | 000,000,000 | ---D | M] -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\extensions\overbiteff@floodgap.com

[2009/05/30 15:20:54 | 000,000,000 | ---D | M] -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\extensions\searchrecs@veoh.com

[2009/12/22 15:50:38 | 000,002,010 | ---- | M] () -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\searchplugins\romulation-rom-search.xml

[2010/01/10 13:39:33 | 000,001,720 | ---- | M] () -- C:\Users\Trav\AppData\Roaming\Mozilla\Firefox\Profiles\oz778t8f.default\searchplugins\youtube-video-search.xml

[2010/07/02 19:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/03/09 22:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

[2010/07/09 01:39:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com

[2009/12/13 12:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com

[2008/06/30 15:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll

[2009/12/31 04:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll

[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

[2009/12/26 21:12:27 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2009/08/07 01:50:57 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [AutoTask] C:\Program Files\AutoTask\AutoTask.exe (Dura Micro, Inc)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [backupSoft] File not found

O4 - HKLM..\Run: [cfFncEnabler.exe] File not found

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - HKCU..\Run: [TOSCDSPD] File not found

O4 - Startup: C:\Users\Trav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Trav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - Reg Error: Key error. File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Trav\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Trav\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/07/05 10:05:52 | 001,019,904 | R--- | M] (Microsoft Corporation) - L:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2005/05/18 10:59:05 | 000,000,228 | R--- | M] () - L:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{edc80707-cbb6-11de-946f-001e337dd3ff}\Shell - "" = AutoRun

O33 - MountPoints2\{edc80707-cbb6-11de-946f-001e337dd3ff}\Shell\AutoRun\command - "" = F:\Launcher.exe -- File not found

O33 - MountPoints2\{edc809b1-cbb6-11de-946f-001e337dd3ff}\Shell - "" = AutoRun

O33 - MountPoints2\{edc809b1-cbb6-11de-946f-001e337dd3ff}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/09 04:12:07 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Trav\Desktop\OTL.exe

[2010/07/08 20:52:12 | 001,663,664 | ---- | C] (Blizzard Entertainment) -- C:\Users\Trav\Desktop\InstallWoW.exe

[2010/07/08 18:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab

[2010/07/08 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\Trav\AppData\Roaming\SystemRequirementsLab

[2010/07/06 08:05:49 | 000,000,000 | ---D | C] -- C:\DOS BOX GAMES

[2010/07/06 08:01:04 | 000,000,000 | ---D | C] -- C:\DOSBOXGAMES

[2010/07/06 05:16:38 | 000,000,000 | ---D | C] -- C:\Users\Trav\Desktop\Warcraft - Orcs and Humans

[2010/07/06 05:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74

[2010/07/05 20:30:37 | 006,164,800 | ---- | C] (Koyote Soft ) -- C:\Users\Trav\Desktop\Setup_FreeFlvConverter.exe

[2010/07/02 15:47:04 | 000,000,000 | ---D | C] -- C:\Users\Trav\Desktop\Demotivational Posters

[2010/07/01 00:31:38 | 000,000,000 | ---D | C] -- C:\Users\Trav\Desktop\mtg_gamepack

[2010/07/01 00:02:26 | 000,000,000 | ---D | C] -- C:\Users\Trav\Desktop\Magic Workstation

[2010/06/30 23:45:20 | 000,000,000 | ---D | C] -- C:\Users\Trav\Desktop\Magic_Workstation_-_WoW_-_Vista

[2010/06/30 15:54:24 | 000,000,000 | ---D | C] -- C:\Users\Trav\Desktop\University Items

[2010/06/30 03:00:43 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/06/30 03:00:43 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/06/30 03:00:43 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/06/29 13:31:39 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr

[2010/06/28 19:10:28 | 000,000,000 | ---D | C] -- C:\Users\Trav\Other

[2010/06/27 22:02:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/06/27 22:02:11 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/06/21 14:25:36 | 000,000,000 | ---D | C] -- C:\Users\Trav\Desktop\Lol

[2010/06/14 22:58:01 | 000,000,000 | ---D | C] -- C:\Users\Trav\Photoshop CS5 All-in-One For Dummies (2010) - (Malestrom)

[2010/06/14 12:50:23 | 000,000,000 | ---D | C] -- C:\Users\Trav\Psychology

[2010/06/10 22:21:16 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32

[2010/06/10 21:33:15 | 000,000,000 | ---D | C] -- C:\Users\Trav\Transmetropolitan

[2010/06/10 04:56:49 | 000,000,000 | ---D | C] -- C:\Users\Trav\Blizzard Books - Diablo, Starcraft, Warcraft

[2010/06/09 21:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\BYOND

[2010/03/05 19:49:40 | 000,120,320 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Trav\AppData\Local\*.tmp files -> C:\Users\Trav\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/09 04:21:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{409339FF-CF28-412F-80EB-BF645322ED4B}.job

[2010/07/09 04:20:40 | 004,456,448 | -HS- | M] () -- C:\Users\Trav\ntuser.dat

[2010/07/09 04:12:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Trav\Desktop\OTL.exe

[2010/07/09 04:01:53 | 000,000,880 | ---- | M] () -- C:\Users\Trav\Desktop\World of Warcraft Installer.lnk

[2010/07/09 03:53:19 | 000,000,666 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/07/09 03:44:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/07/09 03:44:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/07/09 03:40:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/07/08 20:52:28 | 001,663,664 | ---- | M] (Blizzard Entertainment) -- C:\Users\Trav\Desktop\InstallWoW.exe

[2010/07/08 19:51:29 | 000,763,574 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/07/08 19:51:29 | 000,645,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/07/08 19:51:29 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/07/08 19:44:27 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/07/08 19:44:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/07/08 19:44:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/07/08 19:44:03 | 3082,813,440 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/08 19:37:05 | 000,524,288 | -HS- | M] () -- C:\Users\Trav\ntuser.dat{51c3a149-a217-11de-8036-001e337dd3ff}.TMContainer00000000000000000001.regtrans-ms

[2010/07/08 19:37:05 | 000,065,536 | -HS- | M] () -- C:\Users\Trav\ntuser.dat{51c3a149-a217-11de-8036-001e337dd3ff}.TM.blf

[2010/07/08 17:56:14 | 000,001,334 | ---- | M] () -- C:\Users\Trav\Desktop\Photoshop.exe - Shortcut.lnk

[2010/07/08 17:42:25 | 004,959,280 | ---- | M] () -- C:\Users\Trav\Desktop\WoW-3.3.3.11685-to-3.3.3.11723-enUS-patch.exe

[2010/07/08 17:34:46 | 024,886,168 | ---- | M] () -- C:\Users\Trav\Desktop\WoW-3.3.3.11723-to-3.3.5.12213-enUS-patch.exe

[2010/07/08 16:56:13 | 000,248,261 | ---- | M] () -- C:\Users\Trav\Desktop\SADFACE.jpg

[2010/07/07 00:11:15 | 000,059,074 | ---- | M] () -- C:\Users\Trav\Desktop\4chan.jpg

[2010/07/06 21:02:10 | 000,012,417 | ---- | M] () -- C:\Users\Trav\Desktop\IW.docx

[2010/07/06 05:14:01 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk

[2010/07/06 01:31:15 | 000,014,905 | ---- | M] () -- C:\Users\Trav\Desktop\You stated.docx

[2010/07/05 20:47:41 | 093,724,872 | ---- | M] () -- C:\Users\Trav\Desktop\Record.mp3

[2010/07/05 20:41:12 | 049,642,676 | ---- | M] () -- C:\Users\Trav\Desktop\Warcraft - Orcs and Humans.rar

[2010/07/05 20:35:12 | 000,000,922 | ---- | M] () -- C:\Users\Trav\Desktop\Free FLV Converter.lnk

[2010/07/05 20:32:18 | 006,164,800 | ---- | M] (Koyote Soft ) -- C:\Users\Trav\Desktop\Setup_FreeFlvConverter.exe

[2010/07/02 19:41:21 | 000,001,854 | ---- | M] () -- C:\Users\Trav\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/07/02 10:50:38 | 000,001,404 | ---- | M] () -- C:\Users\Trav\Desktop\DivX Movies.lnk

[2010/07/02 10:50:19 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010/07/02 10:44:06 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/07/01 14:21:37 | 000,180,258 | ---- | M] () -- C:\Users\Trav\Desktop\Record.jpg

[2010/07/01 03:15:20 | 000,193,320 | ---- | M] () -- C:\Users\Trav\Desktop\EmailPassword.jpg

[2010/06/30 23:44:37 | 061,999,274 | ---- | M] () -- C:\Users\Trav\Desktop\Magic_Workstation_-_WoW_-_Vista.zip

[2010/06/30 17:24:27 | 000,134,412 | ---- | M] () -- C:\Users\Trav\Desktop\Paypal.jpg

[2010/06/29 23:49:51 | 000,000,162 | -H-- | M] () -- C:\Users\Trav\Desktop\~$u stated.docx

[2010/06/29 23:43:04 | 000,000,312 | ---- | M] () -- C:\Users\Trav\Desktop\Curse Client.appref-ms

[2010/06/29 13:31:40 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr

[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys

[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2010/06/28 15:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2010/06/26 11:07:58 | 000,032,078 | ---- | M] () -- C:\Users\Trav\Desktop\socializer.htm

[2010/06/24 15:41:28 | 000,000,000 | ---- | M] () -- C:\Users\Trav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2010/06/21 01:20:46 | 005,320,540 | ---- | M] () -- C:\Users\Trav\Desktop\[iOSYS] F O E_ High Quality, English subs.flv

[2010/06/18 11:34:48 | 000,022,931 | ---- | M] () -- C:\Users\Trav\Desktop\Response to Goff From Facebook.docx

[2010/06/17 01:09:35 | 000,073,404 | ---- | M] () -- C:\Users\Trav\Desktop\sick.hair.insperation.jpg

[2010/06/16 14:32:19 | 001,783,305 | ---- | M] () -- C:\Users\Trav\Desktop\BitTorrent-6.4e.exe

[2010/06/12 13:51:06 | 001,555,257 | ---- | M] () -- C:\Users\Trav\Chemistry Essentials Dummies.pdf

[2010/06/11 02:15:41 | 000,385,332 | ---- | M] () -- C:\Users\Trav\Desktop\TV.jpg

[2010/06/10 00:09:15 | 000,001,942 | ---- | M] () -- C:\Users\Trav\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk

[2010/06/09 21:45:11 | 000,001,485 | ---- | M] () -- C:\Users\Trav\Desktop\BYOND.lnk

[2010/06/09 18:35:52 | 001,737,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Trav\AppData\Local\*.tmp files -> C:\Users\Trav\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/08 17:41:33 | 004,959,280 | ---- | C] () -- C:\Users\Trav\Desktop\WoW-3.3.3.11685-to-3.3.3.11723-enUS-patch.exe

[2010/08/08 17:31:01 | 024,886,168 | ---- | C] () -- C:\Users\Trav\Desktop\WoW-3.3.3.11723-to-3.3.5.12213-enUS-patch.exe

[2010/07/08 21:22:46 | 000,000,666 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/07/08 21:04:30 | 000,000,880 | ---- | C] () -- C:\Users\Trav\Desktop\World of Warcraft Installer.lnk

[2010/07/08 17:56:13 | 000,001,334 | ---- | C] () -- C:\Users\Trav\Desktop\Photoshop.exe - Shortcut.lnk

[2010/07/08 16:56:12 | 000,248,261 | ---- | C] () -- C:\Users\Trav\Desktop\SADFACE.jpg

[2010/07/07 00:11:15 | 000,059,074 | ---- | C] () -- C:\Users\Trav\Desktop\4chan.jpg

[2010/07/06 18:27:22 | 000,012,417 | ---- | C] () -- C:\Users\Trav\Desktop\IW.docx

[2010/07/06 05:14:01 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk

[2010/07/05 20:36:08 | 093,724,872 | ---- | C] () -- C:\Users\Trav\Desktop\Record.mp3

[2010/07/05 20:34:28 | 049,642,676 | ---- | C] () -- C:\Users\Trav\Desktop\Warcraft - Orcs and Humans.rar

[2010/07/02 19:41:21 | 000,001,854 | ---- | C] () -- C:\Users\Trav\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/07/01 14:21:36 | 000,180,258 | ---- | C] () -- C:\Users\Trav\Desktop\Record.jpg

[2010/06/30 23:36:15 | 061,999,274 | ---- | C] () -- C:\Users\Trav\Desktop\Magic_Workstation_-_WoW_-_Vista.zip

[2010/06/30 18:32:17 | 000,193,320 | ---- | C] () -- C:\Users\Trav\Desktop\EmailPassword.jpg

[2010/06/30 17:24:27 | 000,134,412 | ---- | C] () -- C:\Users\Trav\Desktop\Paypal.jpg

[2010/06/29 23:49:51 | 000,000,162 | -H-- | C] () -- C:\Users\Trav\Desktop\~$u stated.docx

[2010/06/29 23:43:04 | 000,000,312 | ---- | C] () -- C:\Users\Trav\Desktop\Curse Client.appref-ms

[2010/06/26 11:07:55 | 000,032,078 | ---- | C] () -- C:\Users\Trav\Desktop\socializer.htm

[2010/06/24 15:41:28 | 000,000,000 | ---- | C] () -- C:\Users\Trav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2010/06/21 17:21:03 | 000,014,905 | ---- | C] () -- C:\Users\Trav\Desktop\You stated.docx

[2010/06/21 01:19:04 | 005,320,540 | ---- | C] () -- C:\Users\Trav\Desktop\[iOSYS] F O E_ High Quality, English subs.flv

[2010/06/17 01:09:32 | 000,073,404 | ---- | C] () -- C:\Users\Trav\Desktop\sick.hair.insperation.jpg

[2010/06/16 14:22:02 | 001,783,305 | ---- | C] () -- C:\Users\Trav\Desktop\BitTorrent-6.4e.exe

[2010/06/15 00:25:02 | 000,022,931 | ---- | C] () -- C:\Users\Trav\Desktop\Response to Goff From Facebook.docx

[2010/06/12 13:50:53 | 001,555,257 | ---- | C] () -- C:\Users\Trav\Chemistry Essentials Dummies.pdf

[2010/06/11 02:15:40 | 000,385,332 | ---- | C] () -- C:\Users\Trav\Desktop\TV.jpg

[2010/06/10 00:09:15 | 000,001,942 | ---- | C] () -- C:\Users\Trav\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk

[2010/06/09 21:45:11 | 000,001,485 | ---- | C] () -- C:\Users\Trav\Desktop\BYOND.lnk

[2010/04/10 00:33:08 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to DVD.INI

[2010/03/27 21:54:33 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll

[2010/03/04 17:44:03 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

[2009/12/03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2009/11/26 21:52:50 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini

[2009/11/09 04:16:24 | 000,000,099 | ---- | C] () -- C:\Windows\REDEMUNINS.INI

[2009/11/09 04:16:23 | 000,004,224 | R--- | C] () -- C:\Windows\System32\drivers\REFILERW.SYS

[2009/11/07 15:24:37 | 000,000,943 | ---- | C] () -- C:\Windows\TATCALL.INI

[2009/11/07 15:24:37 | 000,000,259 | ---- | C] () -- C:\Windows\TATUNINS.INI

[2009/11/07 15:24:37 | 000,000,020 | ---- | C] () -- C:\Windows\TATVER.INI

[2009/10/21 10:28:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/05/30 20:03:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2009/05/30 20:03:51 | 000,014,336 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/05/12 22:17:54 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll

[2009/05/12 22:06:37 | 000,018,790 | ---- | C] () -- C:\Windows\System32\ddmon.dll

[2009/04/26 23:13:36 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini

[2009/04/12 07:29:57 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2009/03/31 12:01:41 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll

[2009/03/31 12:01:41 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll

[2009/03/31 02:45:08 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys

[2009/03/31 02:26:38 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2009/03/31 02:26:37 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2009/03/31 02:26:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2009/03/31 02:26:37 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2009/03/31 00:51:46 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys

[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008/08/14 14:48:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2008/08/14 14:28:30 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008/08/14 14:28:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008/08/14 14:28:30 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008/08/14 14:28:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008/08/14 14:28:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2008/06/12 20:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll

[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008/04/24 20:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll

[2008/04/24 20:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll

[2008/04/24 20:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll

[2008/04/24 20:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll

[2008/04/24 20:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll

[2008/04/24 20:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll

[2007/12/21 18:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

[2007/10/18 17:36:54 | 000,061,440 | ---- | C] () -- C:\Windows\System32\deskMenu2.dll

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll

[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll

[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll

[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

[Attached screenshot: post-21615-1278668430_thumb.jpg]


The Additional Old Timer "Extra" Log can be found below.

OTL Extras logfile created on: 7/9/2010 4:13:26 AM - Run 1

OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\Trav\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 61.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 231.42 Gb Total Space | 61.72 Gb Free Space | 26.67% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 550.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PORTAL

Current User Name: Trav

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2832454390-3471946568-872056493-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{000D4EBF-7B8D-4E14-B3B4-F9DB852B383A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{1092775F-11E6-41D2-976F-B0816237F6BF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1A66F16B-0EFA-4004-9E04-2BE0569DB01C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{1EB7BCC5-5058-4142-BE95-BC126285D446}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{2FF4EB20-166A-4DA0-8D50-05AA49D93E96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{366DE3B3-07D0-4D8D-93AF-ED21A0A29296}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{45C6ED9E-6E35-48AE-AE54-EB89EDE5CD8C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{7697E2F3-2D9D-4333-A3CD-E1B1736838E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C013BC63-1811-4959-A2BF-C39CFEE6817C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{C624A1C4-F9C1-44FA-AA68-BDC58BF1F4C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{FF43C402-54F4-4D35-B682-2A48DD662274}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{062BA2D5-4DDC-4336-BA3C-1174F3D84CEA}" = protocol=6 | dir=in | app=c:\users\trav\appdata\local\temp\7zs731c.tmp\symnrt.exe |

"{09B4A36F-378B-4103-8749-232DA98F40B4}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |

"{0E39B82E-8C2E-47D9-9A35-52F4E6A7F49D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{13648EE8-0094-46CD-898E-4C9E92C93165}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mount and blade demo\runme.exe |

"{19B80962-D2B7-4047-A5D1-352865D490EF}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |

"{19F367DB-CCFB-4236-ADFD-7C106A3E4DA4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\travza\age of chivalry\hl2.exe |

"{1AFF8292-F579-49DB-92C6-ED4D778F45CE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |

"{20A088C6-4AC5-4036-94B3-243E37EF4FB8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\travza\source sdk base 2007\hl2.exe |

"{244170B0-142D-482B-9023-D9C8D311280F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{297C6209-4FEF-45E9-991F-9FE7FBA9E48D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mount and blade demo\runme.exe |

"{2FF31C3A-F941-40E0-A3FA-3B123C79F153}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{37E430F4-5480-440F-B2D7-D711B3DDB7C7}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |

"{41AFCC0B-E3F0-48E1-8020-9B8E19F6BCC1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{44D9A5B8-6DD9-49CE-84B0-65E94833E741}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4879607B-77F8-4B34-A286-7DFB915D485A}" = protocol=17 | dir=in | app=c:\users\trav\appdata\local\temp\7zs731c.tmp\symnrt.exe |

"{4FA7C8BE-5C67-4FAF-9094-E79A15D9B324}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |

"{623438C7-165C-4B87-8F8A-0D92148C19DA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\travza\age of chivalry\hl2.exe |

"{64603CEF-962F-43C0-A3C8-50EFCF62D15A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |

"{65F7D435-4DFA-4704-BA47-F8D15DF781EB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\travza\source sdk base 2007\hl2.exe |

"{673D0E70-311F-4804-BD42-1E2854EC2138}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\travza\synergy\hl2.exe |

"{78B4DD2F-E8CD-4E96-9447-00030E9F541B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{7A6A9945-1F04-4DC3-B169-4C100EDF1B0B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |

"{825952A3-AD14-4C35-AB0E-F09B60F20E7E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8D9BBE6D-69E7-4F73-A09E-9AF35FD17B8B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{955FF6B2-CA11-4380-8050-1E21900F62C0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{9CDB1081-3E93-452E-9B83-7F03CCA4C3C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A01A7F17-8D67-4541-A675-5DE2B1139294}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A0555016-8756-450F-8B6E-660CD067D696}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\travza\synergy\hl2.exe |

"{A1A331DA-BF5B-4CE1-9530-1D40A9B9C6EF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{AE87CBDF-C7A6-4D36-89B5-E9764299ED33}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |

"{B59F8F1E-DF19-408C-BDD8-1AE215EC1C0A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{CE3430F3-88C7-4815-BD4B-4D8155E0A474}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D8F38CE3-3ABD-4CD5-BCFE-9B1663E0D03A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DFFAC28E-737D-426B-B84E-70E670D89C25}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{EB6F9220-15A0-481F-A57D-34BA4F83D3EF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"TCP Query User{02113171-83A0-4E15-B98B-C121806F952D}C:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |

"TCP Query User{0D687EFB-4E59-4C64-B9CD-9CC3B4882399}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |

"TCP Query User{0E3545CA-0FDB-4C0F-90E3-56357E0F6053}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"TCP Query User{1DD944A3-4EFB-4168-B960-DB65819E5C8C}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |

"TCP Query User{21323ADD-F2B7-4F6A-964C-89C325FB1BCD}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{24C9B71C-21A1-4694-859A-DAEF946E783C}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"TCP Query User{3392AC40-790D-466B-A81C-8D29D9B83831}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{4F10FE99-FA85-4EFA-B89E-AB151E69CF51}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |

"TCP Query User{554D3A51-5845-4D3C-9742-B936C6D418F3}C:\program files\steam\steamapps\travza\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\travza\team fortress 2\hl2.exe |

"TCP Query User{98CD216F-E7FA-4A75-9E94-6836CB9FBC63}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |

"TCP Query User{C6B4286C-5D2E-47F2-956D-9EB901C1A84A}C:\games\black and white\runblack.exe" = protocol=6 | dir=in | app=c:\games\black and white\runblack.exe |

"TCP Query User{CCAA54F9-4A0D-46FC-99D0-C629B40CFC88}C:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |

"TCP Query User{D2427EED-1113-4E31-A559-44B0EB383408}C:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |

"UDP Query User{00CD59A7-3C8F-47EA-AEE9-2B7CF2DEBF40}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{44FEE308-1381-4CF2-AC60-84CBCDDA6D3E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{5359782D-A82A-4E2E-93A0-FC5060C0AABB}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |

"UDP Query User{685F849E-9E3C-4977-BB73-339192FEDDC1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"UDP Query User{7C672752-F03E-4F5B-8A88-EC99544EBE34}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |

"UDP Query User{7F2D2AFE-DF08-43A1-8E72-7F3EEC973EC5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"UDP Query User{88E05CBE-6C03-473E-B111-CCEA9421C696}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |

"UDP Query User{918D08E3-72C3-4E94-A511-7A8B3F6862E8}C:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |

"UDP Query User{B41458D0-4652-477C-84C3-377A33E57D03}C:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |

"UDP Query User{C79AD7FD-CD58-491C-9869-D23299782407}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |

"UDP Query User{E07699CC-EDFB-483A-9708-125B9B853B06}C:\games\black and white\runblack.exe" = protocol=17 | dir=in | app=c:\games\black and white\runblack.exe |

"UDP Query User{E74CF086-158F-4ABE-888C-052557560D84}C:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |

"UDP Query User{F2D91F6A-2752-4404-A18E-FCD21B89B096}C:\program files\steam\steamapps\travza\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\travza\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.2

"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree

"{0E2D23C7-037B-BF76-FC2E-DDF142C4B8DC}" = Reg (DOFUS Audio Subsystem)

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel

"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype
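As an added example (not part of the thread and not OTL's own code), a small Python triage helper that parses the firewall exception-list format shown in the Extras log and flags the entries a responder would look at first: rules whose program lives under a temp directory (the symnrt.exe entry) and rules whose app is an unqualified file name that cannot be tied to one binary on disk (the bare svchost.exe entry). The sample lines are copied from the log above; the field parser and the flagging rules are my own assumptions about how to read this format.

```python
import re
from typing import Dict, List

# Sample input: four rule lines copied verbatim from the OTL Extras log above.
SAMPLE_RULES = r'''
"{062BA2D5-4DDC-4336-BA3C-1174F3D84CEA}" = protocol=6 | dir=in | app=c:\users\trav\appdata\local\temp\7zs731c.tmp\symnrt.exe |
"{9CDB1081-3E93-452E-9B83-7F03CCA4C3C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C624A1C4-F9C1-44FA-AA68-BDC58BF1F4C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"TCP Query User{0D687EFB-4E59-4C64-B9CD-9CC3B4882399}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
'''

# One OTL rule line: a quoted rule name, " = ", then "key=value | key=value | ..." fields.
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Path components that a persistent firewall exception should not point into
# (assumption: anything sitting in a temp/tmp directory deserves a closer look).
TEMP_DIR_RE = re.compile(r'(^|\\)(temp|tmp)(\\|$)')


def parse_rule(line: str) -> Dict[str, str]:
    """Split one exception-list line into a dict of lower-cased fields plus 'name'."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an OTL firewall rule line: {line!r}")
    fields = {"name": m.group("name")}
    for part in m.group("body").split("|"):
        part = part.strip()
        if not part:            # the trailing " |" leaves an empty field
            continue
        key, _, value = part.partition("=")
        fields[key.strip().lower()] = value.strip().lower()
    return fields


def parse_rules(text: str) -> List[Dict[str, str]]:
    """Parse every non-empty line of an exception list."""
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


def review_rule(rule: Dict[str, str]) -> List[str]:
    """Return the reasons (possibly none) why a rule should be reviewed by hand."""
    findings: List[str] = []
    app = rule.get("app", "")
    if not app:
        findings.append("rule has no app field")
        return findings
    if "\\" not in app:
        # e.g. app=svchost.exe: no directory, so the rule matches by name only
        findings.append("unqualified executable name, cannot be tied to one binary on disk")
    elif TEMP_DIR_RE.search(app):
        # e.g. ...\appdata\local\temp\7zs731c.tmp\symnrt.exe
        findings.append("executable lives under a temp directory")
    return findings


def triage(text: str) -> Dict[str, List[str]]:
    """Map each rule name that produced findings to its list of findings."""
    result: Dict[str, List[str]] = {}
    for rule in parse_rules(text):
        findings = review_rule(rule)
        if findings:
            result[rule["name"]] = findings
    return result


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_RULES).items():
        print(name)
        for f in findings:
            print("   -", f)
```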


Greetings once more,

I've encountered something of a strange occurrence that I thought I should report. After submitting my last few posts I encountered a bizarre problem in which my CPU's power was being eaten by some large process. So I slunk over to my task manager and discovered that none other than my Windows Parental Control system was devouring 50% of my CPU's available resources. Finding this uncanny, I then tried loading up M-Bam to do an additional scan. The scanner hung. I tried loading up Avast; it also hung. In frustration I decided to sever all network connections, log out and reboot. Upon boot up I ran another Gmer and found bizarre entries amongst its items, one such entry documented in the picture below.

Unfortunately Gmer died again; I managed to get down the file it choked on this time: "\Device\Harddisk\VolumeShadowCopy1"

Your advice / input is appreciated.

~Trav

[Attached screenshot: post-21615-1278676210_thumb.jpg]


Hello again,

Let's see if we can find out what is causing all this. As a side note, GMER often crashes; that is nothing to worry about.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Greetings!

Before starting combo-fix I want to report that after running a full M-bam scan adware has been found and removed. It would seem what we've been doing has flushed them out to some extent, or that they were infecting locations that previously weren't scanned.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4295

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

7/9/2010 12:20:50 PM

mbam-log-2010-07-09 (12-20-50).txt

Scan type: Full scan (C:\|E:\|L:\|)

Objects scanned: 376924

Time elapsed: 2 hour(s), 12 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\Program Files\Dealio Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Should I run Combo-fix now?


I ran ComboFix and stepped out of my room for a minute. When I returned I discovered my machine's screen blacked out, hard drive moving occasionally, and processor working. I let this go for about 5 minutes before deciding to kill the process and reboot. Everything seems to be running normally, and if you want me to run ComboFix at this time once more I can. Is seeing a screen completely blacked out a normal part of the ComboFix procedure, and are there any other less than usual events to expect when running it?


I've struck something of a snag.

I'm getting errors saying my file system has been corrupted. I am then asked to run chkdsk. chkdsk is unable to mount the drive and asks to run on reboot. Chkdsk then fails to load up on startup, saying it cannot mount the drive on bootup either.

Combofix can't run because it evidently can't form files; in fact the only program that is able to generate files at this point is Notepad, as far as I understand.


These errors occur whenever a file is accessed or attempts to run, but they seem to only impact performance to a degree. On the other machine I cannot run any browsers without running into issues, which may suggest that the machine is unable to generate temp files. At the moment I'm using another machine just to post this up. I'm currently backing up all personal information onto an external hard drive. Oddly, the machine also said that my external hard drive's file system was also corrupted, but is allowing me to copy all of my data to it.

When I try to run Combofix the system responds with "File system is corrupted, Combofix cannot create files." or something to that effect. I'm considering just wiping the machine and reloading, but if you have any other suggestions I'd like to hear them first.


I don't have a thumb drive at the moment, I haven't had enough money to purchase a new one after my last one was rendered unusable.

Before I do anything though I'm going to backup my personal files just in case something goes wrong.


You mentioned Safe Mode hangs at CRCdisk, which is also not a good sign.

When you try to start a browser, do you also get the error about filesystem errors?

Do you have your Vista DVD at hand? (If so, we can use it to run a disk check from the command prompt.)


I actually have two CRCdisk.sys processes running at the moment. Highly suspect processes are highly suspect >.>.

Yes, I do have the disk on hand and can run off of it after loading up all of my data on my external drive. If you could provide instructions for using the disk to access the command prompt that I can follow while using the disk, I'd appreciate it.


Although the system is now operational, I still get a "Detected Driver Installed Incorrectly" error coupled with an inability to enter safe mode. However, I question whether this is the work of viruses or just system integrity issues chkdsk failed to correct.

This topic is now closed to further replies.