Trav Posted November 12, 2011 ID:494004

Good Day,

Recently I tried updating my copy of "The Free FLV Converter" which resulted in the addition of several messy plugins that tried to redirect all traffic on this system. I've since managed to disable and remove plugin components, but unfortunately am uncertain whether something more malicious might have been added. At the moment I'm setting up my copy of Avast! to perform a boot time scan. If anyone could provide me any advice on how to address this problem after this scan I would be most grateful.

~Trav

EDIT (12/14/2011): The boot time scan succeeded but failed to find anything of note. However, I've noticed that several files have had their file types change (mostly videos) and my version of Firefox has had its search engines and default homepage changed. I revert them to the originals, but they seem to change every time I restart the machine.

EDIT THE SECOND (14/14/2011): It seems that all I need to do to get the described behavior from Firefox is to restart it, not the entire computer system. I also discovered that the file changes were an expected result of a recent video player I installed and shouldn't be of any concern. My big worry here is that this (whatever it is) is also screening my browsers for passwords. Any help in dealing with this problem would be highly appreciated.
Staff screen317 Posted November 17, 2011 ID:495688

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.
Trav Posted November 20, 2011 Author ID:496462

Greetings,

I ran the MBAM quickscan and got the results posted below. I have tried running DDS twice, both times with my AV deactivated and my firewall down. Both times the scan hung at 20 minutes and I was forced to hard shutdown. Even more frightening, upon trying to get to this site via Chrome on my last reset the machine suffered from a stop error. I've attached a stop error file report file in the event it is somehow relevant.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8197

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/19/2011 5:43:03 PM
mbam-log-2011-11-19 (17-43-03).txt

Scan type: Quick scan
Objects scanned: 182724
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

report.html
Staff screen317 Posted November 24, 2011 ID:497754

Hi,

Try this instead:

Download OTL.exe by OldTimer to your Desktop.
Close all windows and double click OTL.exe.
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.
Trav Posted November 27, 2011 Author ID:498700

OTL logfile created on: 11/27/2011 12:59:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0
Stefan Krueger <skrueger@installsite.org>) - H:\autorun.exe -- [ CDFS ]O32 - AutoRun File - [2003/07/01 08:35:28 | 000,000,049 | R--- | M] () - H:\autorun.inf -- [ CDFS ]O32 - AutoRun File - [2003/07/07 10:44:28 | 000,000,990 | R--- | M] () - H:\autorun.ini -- [ CDFS ]O33 - MountPoints2\{32ad02d2-edd9-11e0-9322-001d7d9fce27}\Shell - "" = AutoRunO33 - MountPoints2\{32ad02d2-edd9-11e0-9322-001d7d9fce27}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{32ad02d2-edd9-11e0-9322-001d7d9fce27}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -aO33 - MountPoints2\{6d910d45-0e41-11e0-90ae-001d7d9fce27}\Shell - "" = AutoRunO33 - MountPoints2\{6d910d45-0e41-11e0-90ae-001d7d9fce27}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{6d910d45-0e41-11e0-90ae-001d7d9fce27}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -aO33 - MountPoints2\{7c997116-d25e-11df-bf33-001d7d9fce27}\Shell - "" = AutoRunO33 - MountPoints2\{7c997116-d25e-11df-bf33-001d7d9fce27}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{7c997116-d25e-11df-bf33-001d7d9fce27}\Shell\AutoRun\command - "" = H:\Launcher.exeO33 - MountPoints2\{f8ce27cb-e828-11df-b601-001d7d9fce27}\Shell - "" = AutoRunO33 - MountPoints2\{f8ce27cb-e828-11df-b601-001d7d9fce27}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{f8ce27cb-e828-11df-b601-001d7d9fce27}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1999/10/29 10:11:12 | 000,032,768 | R--- | M] ()O33 - MountPoints2\{f8ce27cf-e828-11df-b601-001d7d9fce27}\Shell - "" = AutoRunO33 - MountPoints2\{f8ce27cf-e828-11df-b601-001d7d9fce27}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{f8ce27cf-e828-11df-b601-001d7d9fce27}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2002/03/07 11:55:00 | 000,028,672 | R--- | M] (Dipl.-Ing. 
Stefan Krueger <skrueger@installsite.org>)O33 - MountPoints2\{f8ce27d0-e828-11df-b601-001d7d9fce27}\Shell - "" = AutoRunO33 - MountPoints2\{f8ce27d0-e828-11df-b601-001d7d9fce27}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{f8ce27d0-e828-11df-b601-001d7d9fce27}\Shell\AutoRun\command - "" = H:\panel.exe -SecondCDO33 - MountPoints2\E\Shell - "" = AutoRunO33 - MountPoints2\E\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1999/10/29 10:11:12 | 000,032,768 | R--- | M] ()O33 - MountPoints2\F\Shell - "" = AutoRunO33 - MountPoints2\F\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- [2007/06/10 22:25:04 | 000,263,744 | R--- | M] (Firaxis Games)O33 - MountPoints2\H\Shell - "" = AutoRunO33 - MountPoints2\H\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -aO34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2011/11/27 12:53:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amun-Ra 13\Desktop\OTL.exe[2011/11/20 05:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Start Menu\Programs\NirSoft BlueScreenView[2011/11/20 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft[2011/11/19 17:44:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Amun-Ra 13\Start Menu\Programs\Administrative Tools[2011/11/19 17:43:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Amun-Ra 13\Desktop\dds.scr[2011/11/09 23:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\My Documents\Freecorder[2011/11/09 23:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\FLVService[2011/11/09 23:22:07 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freecorder[2011/11/09 23:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder[2011/11/09 17:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Start Menu\Programs\Revo Uninstaller[2011/11/09 17:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Application Data\searchqutoolbar[2011/11/09 16:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar[2011/11/09 16:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess[2011/11/09 16:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\SearchCore for Browsers[2011/11/08 13:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Desktop\Magic The Gathering[2011/10/29 18:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX[2011/10/29 18:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\My Documents\Overlord[2011/10/29 03:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\CrashRpt[2011/10/29 03:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow[2011/10/29 03:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow[2011/10/29 03:06:13 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll[2011/10/29 03:06:13 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) 
-- C:\WINDOWS\System32\OpenAL32.dll[2011/10/29 03:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL[2011/10/29 03:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\My Documents\Grotesque-Tactics[2011/10/29 02:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\Painkiller Overdose[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2011/11/27 12:53:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amun-Ra 13\Desktop\OTL.exe[2011/11/27 05:31:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2011/11/27 00:31:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2011/11/27 00:30:33 | 054,194,381 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Japan, Kami_ The Gods of Shinto.mp4[2011/11/23 17:30:26 | 000,402,742 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\MEANSGRAPH.bmp[2011/11/23 17:26:05 | 000,350,074 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Means.bmp[2011/11/23 16:44:22 | 001,515,486 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Test sample.bmp[2011/11/22 17:38:54 | 010,232,907 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\TF2_ The Infamous Engie-Ninja.flv[2011/11/21 10:11:05 | 000,645,325 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\1lERs.jpg[2011/11/21 01:01:42 | 000,034,495 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\132184022153.jpg[2011/11/20 21:16:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2011/11/20 19:33:57 | 000,025,418 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\PONY.jpg[2011/11/20 05:49:08 | 000,003,732 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\report.html[2011/11/20 05:47:15 | 
000,129,813 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\bluescreenview_setup.exe[2011/11/20 05:37:08 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-1035525444-725345543-1004.job[2011/11/20 05:36:34 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml[2011/11/20 05:36:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2011/11/20 05:36:07 | 3489,189,888 | -HS- | M] () -- C:\hiberfil.sys[2011/11/20 05:36:05 | 154,415,104 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP[2011/11/20 05:22:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2011/11/19 17:43:26 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Amun-Ra 13\Desktop\dds.scr[2011/11/17 15:55:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-1035525444-725345543-1004.job[2011/11/15 21:30:06 | 002,560,258 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\The Sun_ Page 3 - the woman you_d love your woman to be like.flv[2011/11/14 16:58:18 | 000,006,535 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\illskillzazn+rolled+a+random+image+This+is+waht+you+get+_92b1d203286ae016bcf316ed37905cb7.jpg[2011/11/12 15:01:36 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\My Documents\cc_20111112_150134.reg[2011/11/12 14:41:56 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl[2011/11/12 12:47:28 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk[2011/11/12 12:47:28 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2011/11/11 17:35:41 | 057,723,659 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\The RSA.flv[2011/11/09 17:24:13 | 000,023,062 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\My 
Documents\cc_20111109_172406.reg[2011/11/08 17:57:29 | 000,035,100 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\August-04-2011-21-22-53-twistedvintageblogspotFirstPosts461x700214003580.jpeg[2011/11/08 17:57:13 | 000,025,477 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\November-06-2011-03-06-46-tumblrlts27gb8oI1qadvboo11280.jpg[2011/11/07 10:44:08 | 000,526,608 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2011/11/07 10:44:08 | 000,096,338 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2011/11/04 12:17:56 | 000,311,296 | ---- | M] (FLV.com) -- C:\WINDOWS\System32\TubeFinder.exe[2011/10/31 12:15:56 | 000,029,769 | ---- | M] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\rev3_fa_11.pdf[2011/10/29 03:06:13 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll[2011/10/29 03:06:13 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files Created - No Company Name ==========[2011/11/27 00:29:20 | 054,194,381 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Japan, Kami_ The Gods of Shinto.mp4[2011/11/23 17:28:25 | 000,402,742 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\MEANSGRAPH.bmp[2011/11/23 17:26:05 | 000,350,074 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Means.bmp[2011/11/23 16:44:22 | 001,515,486 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\Test sample.bmp[2011/11/22 17:38:06 | 010,232,907 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\TF2_ The Infamous Engie-Ninja.flv[2011/11/21 10:11:04 | 000,645,325 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\1lERs.jpg[2011/11/21 01:01:41 | 000,034,495 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\132184022153.jpg[2011/11/20 19:33:56 | 000,025,418 | ---- 
| C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\PONY.jpg[2011/11/20 05:54:30 | 000,003,732 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\report.html[2011/11/20 05:47:15 | 000,129,813 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\bluescreenview_setup.exe[2011/11/15 21:30:02 | 002,560,258 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\The Sun_ Page 3 - the woman you_d love your woman to be like.flv[2011/11/14 16:58:17 | 000,006,535 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\illskillzazn+rolled+a+random+image+This+is+waht+you+get+_92b1d203286ae016bcf316ed37905cb7.jpg[2011/11/12 15:01:35 | 000,001,008 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\My Documents\cc_20111112_150134.reg[2011/11/11 17:23:31 | 057,723,659 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\The RSA.flv[2011/11/09 17:24:07 | 000,023,062 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\My Documents\cc_20111109_172406.reg[2011/11/08 17:57:29 | 000,035,100 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\August-04-2011-21-22-53-twistedvintageblogspotFirstPosts461x700214003580.jpeg[2011/11/08 17:57:13 | 000,025,477 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\November-06-2011-03-06-46-tumblrlts27gb8oI1qadvboo11280.jpg[2011/10/31 12:17:25 | 000,029,769 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Desktop\rev3_fa_11.pdf[2011/10/29 03:07:47 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2011/08/25 16:18:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\TwistedPNG.dll[2011/08/25 16:18:26 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\TwistedTiff.DLL[2011/08/22 13:01:33 | 000,208,153 | ---- | C] () -- C:\WINDOWS\hpoins43.dat[2011/08/22 13:01:33 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat[2011/08/21 15:05:14 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini[2011/05/23 01:10:07 | 000,000,058 | ---- | C] () -- 
C:\WINDOWS\Shipsw.ini[2011/03/20 00:05:54 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin[2011/03/20 00:05:52 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin[2011/03/20 00:05:52 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin[2011/03/20 00:05:45 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin[2011/03/20 00:04:32 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin[2010/12/23 12:39:04 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll[2010/12/14 14:34:54 | 000,000,125 | ---- | C] () -- C:\WINDOWS\FlashDecompiler.INI[2010/11/29 21:47:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2010/11/13 12:06:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat[2010/11/08 02:10:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat[2010/11/04 19:50:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2010/11/04 19:29:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2010/11/04 18:12:53 | 000,817,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2010/10/07 16:03:53 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI[2010/10/07 16:03:53 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI[2010/10/07 16:03:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI[2010/10/07 16:03:30 | 000,004,224 | R--- | C] () -- C:\WINDOWS\System32\drivers\REFILERW.SYS[2010/10/07 16:03:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\REDEMUNINS.INI[2010/10/03 15:21:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat[2010/07/04 10:39:48 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI[2010/06/13 19:23:48 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\Amun-Ra 13\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/05/11 06:56:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2010/04/23 10:40:21 | 
000,002,928 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini[2010/04/23 10:40:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS[2010/04/22 18:40:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2010/04/22 18:37:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat[2010/04/22 11:55:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2010/04/22 11:53:14 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin[2008/05/02 21:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll[2008/05/02 21:46:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe[2008/05/02 21:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll[2008/05/02 21:46:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe[2008/05/02 21:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll[2008/05/02 21:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll[2008/05/02 21:46:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe[2008/05/02 21:46:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe[2008/05/02 21:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat[2008/04/14 06:00:00 | 000,526,608 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat[2008/04/14 06:00:00 | 000,096,338 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- 
C:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DED17083
< End of report >
Trav Posted November 27, 2011
OTL Extras logfile created on: 11/27/2011 12:59:39 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Amun-Ra 13\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 60.00% Memory free
5.09 Gb Paging File | 3.78 Gb Available in Paging File | 74.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 50.60 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
Drive E: | 690.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 590.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: SEKHMET | User Name: Amun-Ra 13 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL
"%1",%*exefile [open] -- "%1" %*InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %lpiffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"56797:TCP" = 56797:TCP:*:Enabled:Pando Media Booster"56797:UDP" = 56797:UDP:*:Enabled:Pando Media Booster"57349:TCP" = 57349:TCP:*:Enabled:Pando Media Booster"57349:UDP" = 57349:UDP:*:Enabled:Pando Media Booster[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724"56797:TCP" = 56797:TCP:*:Enabled:Pando Media Booster"56797:UDP" = 56797:UDP:*:Enabled:Pando Media Booster"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher"57349:TCP" = 57349:TCP:*:Enabled:Pando Media Booster"57349:UDP" = 
57349:UDP:*:Enabled:Pando Media Booster========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\Warcraft 
Staff screen317 Posted December 3, 2011 ID:500861

Hi,

My apologies for the extended delay.

Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
Staff screen317 Posted December 12, 2011 ID:503861

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Staff screen317 Posted December 22, 2011 ID:508179

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Staff shadowwar Posted January 11, 2012 ID:515931

Unlocked at request of OP.
Trav Posted January 11, 2012 Author ID:516082

My apologies for the extended absence.

I've tried running combofix as per your request, but all three times I've attempted to run it the program hangs. I disabled my copy of Avast! and disabled the Windows Firewall, but neither action allowed me to run combofix. Recently Malwarebytes caught a few infected files, but the log for the infected files found seems to have gone missing.

I'm also noticing several BSOD errors, however I'm not sure those are related to any infections that might exist.
Staff screen317 Posted January 13, 2012 ID:516585

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com (ensure that the Save As type is "All Files").

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.
Trav Posted January 13, 2012 Author ID:516706

I attempted to run combofix as you directed, but for some reason I got a warning saying that Avast! antivirus was blocking the program from running its script. How that is possible eludes me, seeing as the machine was running in safe mode and when I opened the task manager I didn't see an avast process. Furthermore, wasn't the /killall command supposed to terminate all non-essential processes?

Any advice you could provide would be appreciated.
Staff screen317 Posted January 13, 2012 ID:516708

Temporarily uninstall avast (disconnect from the Internet to be safe), then try again with a fresh copy of ComboFix.
Staff screen317 Posted February 22, 2012 ID:529589

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Staff screen317 Posted February 28, 2012 ID:531333

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!