popups constantly

This is a discussion on popups constantly within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 10-20-2010, 09:39 AM   #1
Registered Member
 
Join Date: Oct 2010
Posts: 12
OS: win7 64



Hello. I have been getting popups pretty much every time I open Firefox; the popups are mainly about some registry stuff. I have run the programs you asked for in the Getting Started list. For some reason I couldn't get GMER to run; when I open it, it says "c:\windows\system32\config\system: the system can not find the file specified."


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by ajddle at 12:04:58.47 on Wed 10/20/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.56 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\StarCraft II\Versions\Base16755\SC2.exe
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ajddle\Downloads\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
mRun: [note]
dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
SecurityProviders: credssp.dll, mqsdtmef.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\ajddle\AppData\Roaming\Mozilla\Firefox\Profiles\kb2dgs1r.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://startskins.com/3385973558/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=y2o7ryRJIwgIS8G50PiCfg&psa=&ind=2010042213&ptnrS=ZJfox000&si=&st=kwd&n=77cecf65&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\ajddle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\ajddle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: XULRunner: {AC61C660-144C-4B1F-94EE-9148DCF3FB82} - C:\Users\ajddle\AppData\Local\{AC61C660-144C-4B1F-94EE-9148DCF3FB82}\

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

S3 leafnets;Leaf Networks Adapter;C:\Windows\System32\drivers\leafnets.sys [2008-4-25 29696]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-10-19 18:08:12 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{E93A8D69-01DA-4F5D-9E9B-0E2309B6BE21}\mpengine.dll
2010-10-19 14:28:47 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-10-19 14:28:47 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-10-14 06:08:07 -------- d-----w- C:\Users\ajddle\AppData\Roaming\ERS Game Studios
2010-10-14 06:07:43 -------- d-----w- C:\PROGRA~3\Alawar Stargaze
2010-10-14 05:17:00 -------- d-----w- C:\Program Files (x86)\Games
2010-10-11 21:25:23 -------- d-----w- C:\PROGRA~3\Nero
2010-10-11 21:01:59 -------- d-----w- C:\Program Files (x86)\Magic Video Converter
2010-10-11 20:34:16 -------- d-----w- C:\Users\ajddle\AppData\Local\Ahead
2010-10-11 20:34:15 -------- d-----w- C:\Program Files (x86)\NeroInstall.bak
2010-09-29 07:00:11 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 06:49:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 06:49:56 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-29 06:49:54 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-29 06:49:54 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-27 16:52:34 -------- d-----w- C:\Users\ajddle\AppData\Local\Astar Games
2010-09-27 16:50:17 -------- d-----w- C:\Program Files (x86)\bfgclient

==================== Find3M ====================

2010-10-18 15:40:37 0 ----a-w- C:\Windows\SysWow64\~~.tmp
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 1245.91 ===============
Attached file: Attach.zip (2.2 KB)

Old 10-21-2010, 11:56 AM   #2
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,003
OS: XP Pro; XP Home; Win7 x86 & x64



Windows 7 System Restore is very robust. I wonder if you've tried that yet? If not, try going back to a point a day or so before the event, and see how things are. I would use Method 2, Through System Recovery Options at Boot, for running System Restore.

http://www.sevenforums.com/tutorials...m-restore.html

If you're able to perform a System Restore, post new logs from DDS. Gmer rootkit scanner is not for 64bit machines.

__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Old 10-21-2010, 04:19 PM   #3
Registered Member
 
Join Date: Oct 2010
Posts: 12
OS: win7 64



Not able to do System Restore.

Old 10-21-2010, 04:28 PM   #4
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,003
OS: XP Pro; XP Home; Win7 x86 & x64



What happens when you try? Details, please.
Old 10-21-2010, 04:49 PM   #5
Registered Member
 
Join Date: Oct 2010
Posts: 12
OS: win7 64



There is only 1 restore point on there, and it's from yesterday.

Old 10-21-2010, 04:54 PM   #6
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,003
OS: XP Pro; XP Home; Win7 x86 & x64



You're doing this from the Boot Menu, correct?

When you get this screen, tick the option for Show More Restore points.



Any more points show up?
Old 10-21-2010, 07:12 PM   #7
Registered Member
 
Join Date: Oct 2010
Posts: 12
OS: win7 64



I did that, and no, there are no more points.

Old 10-21-2010, 07:15 PM   #8
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,003
OS: XP Pro; XP Home; Win7 x86 & x64



OK.

Download OTL to your desktop.

Right click on the icon and select Run As Administrator to start the tool.
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on the Desktop: OTL.Txt (this one will be opened in Notepad) and Extras.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.
Old 10-21-2010, 08:34 PM   #9
Registered Member
 
Join Date: Oct 2010
Posts: 12
OS: win7 64



OTL logfile created on: 10/21/2010 11:28:19 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\ajddle\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.77 Gb Total Space | 98.32 Gb Free Space | 42.24% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 1.64 Gb Free Space | 2.20% Space Free | Partition Type: NTFS

Computer Name: AJDDLE-PC | User Name: ajddle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/21 23:28:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ajddle\Downloads\OTL.exe
PRC - [2010/10/20 00:34:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/20 00:34:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/08/13 07:56:18 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2009/04/22 22:11:32 | 001,675,776 | ---- | M] (Flagship Industries, Inc.) -- C:\Program Files (x86)\Ventrilo\Ventrilo.exe


========== Modules (SafeList) ==========

MOD - [2010/10/21 23:28:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ajddle\Downloads\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/14 09:43:17 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 20:04:43 | 000,332,720 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_40_1123.sys -- (WPRO_40_1123) WinPcap Packet Driver (WPRO_40_1123)
DRV:64bit: - [2010/08/24 17:28:30 | 000,502,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/08 17:56:19 | 000,034,120 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/01 0958 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2008/04/25 0318 | 000,029,696 | ---- | M] (Leaf Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\leafnets.sys -- (leafnets)
DRV:64bit: - [2007/04/12 08:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007/04/10 06:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007/04/10 04:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2007/04/10 04:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2007/04/10 04:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2007/04/10 04:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007/04/10 04:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007/04/10 04:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007/04/10 04:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007/04/10 04:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2007/04/10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/04/10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/04/10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/04/10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/04/10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/04/10 04:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007/04/10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/04/10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007/04/10 04:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007/04/10 04:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 78 43 37 02 7C CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://startskins.com/3385973558/"
FF - prefs.js..extensions.enabledItems: {0b521176-81b5-4849-b963-98c7a257827d}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=y2o7ryRJIwgIS8G50PiCfg&psa=&ind=2010042213&ptnrS=ZJfox000&si=&st=kwd&n=77cecf65&searchfor="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{AC61C660-144C-4B1F-94EE-9148DCF3FB82}: C:\Users\ajddle\AppData\Local\{AC61C660-144C-4B1F-94EE-9148DCF3FB82}\ [2010/07/17 17:27:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/21 19:45:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/21 19:45:25 | 000,000,000 | ---D | M]

[2009/12/13 12:23:21 | 000,000,000 | ---D | M] -- C:\Users\ajddle\AppData\Roaming\Mozilla\Extensions
[2010/10/21 19:45:51 | 000,000,000 | ---D | M] -- C:\Users\ajddle\AppData\Roaming\Mozilla\Firefox\Profiles\kb2dgs1r.default\extensions
[2010/04/22 15:23:14 | 000,000,000 | ---D | M] (OpinionSquare) -- C:\Users\ajddle\AppData\Roaming\Mozilla\Firefox\Profiles\kb2dgs1r.default\extensions\{0b521176-81b5-4849-b963-98c7a257827d}
[2010/05/21 08:59:21 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\ajddle\AppData\Roaming\Mozilla\Firefox\Profiles\kb2dgs1r.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/04/22 13:20:29 | 000,010,017 | ---- | M] () -- C:\Users\ajddle\AppData\Roaming\Mozilla\Firefox\Profiles\kb2dgs1r.default\searchplugins\mywebsearch.xml
[2010/10/21 19:45:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/21 19:45:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/21 19:45:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/17 17:27:30 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: killbox ([]* in Local intranet)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (mqsdtmef.dll) - File not found
O29 - HKLM SecurityProviders - (mqsdtmef.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/01 06:08:57 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f056a5c0-afc6-11df-be71-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f056a5c0-afc6-11df-be71-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{f056a5c0-afc6-11df-be71-806e6f6e6963}\Shell\setup\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{f8512cc7-e80a-11de-91f8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f8512cc7-e80a-11de-91f8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\CDautorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/21 19:50:27 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\Windows Live
[2010/10/21 19:50:02 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/10/21 19:50:02 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/10/21 19:50:02 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/10/21 19:50:02 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/10/21 19:50:02 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/10/21 19:50:01 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/10/21 19:50:00 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/10/21 19:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/21 19:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/21 19:45:25 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/21 19:45:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/21 19:45:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/21 19:45:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/21 19:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/10/21 19:08:59 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Roaming\Uniblue
[2010/10/21 18:55:56 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\PackageAware
[2010/10/21 12:05:17 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\Threat Expert
[2010/10/21 09:33:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/10/21 0104 | 000,446,464 | ---- | C] (Protocol Engineering Pty Ltd) -- C:\Users\ajddle\Desktop\SpywareDoctorReset.exe
[2010/10/19 10:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/19 10:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/14 02:08:07 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Roaming\ERS Game Studios
[2010/10/14 02:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Stargaze
[2010/10/14 01:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2010/10/13 18:54:11 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 18:54:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 18:54:10 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 18:54:08 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/13 18:54:06 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 18:54:04 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/13 18:54:04 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 18:54:03 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 18:54:03 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 18:53:57 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/13 18:53:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/13 18:53:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/13 18:53:56 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/13 18:53:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/13 18:53:55 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/13 18:53:55 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/13 18:53:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/13 18:53:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/13 18:53:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/13 18:53:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/13 18:53:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/13 18:53:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/13 18:53:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/13 18:53:51 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 18:53:48 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 18:53:45 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 18:53:45 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 18:53:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/11 17:25:51 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Roaming\Ahead
[2010/10/11 17:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/10/11 17:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2010/10/11 17:02:44 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Roaming\DVDCreator
[2010/10/11 17:02:12 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/10/11 17:02:12 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/10/11 17:02:12 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/10/11 17:02:12 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/10/11 17:02:12 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Roaming\Real
[2010/10/11 17:02:12 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\Real
[2010/10/11 17:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/10/11 17:02:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system
[2010/10/11 17:02:03 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010/10/11 17:02:03 | 000,308,224 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010/10/11 17:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magic Video Converter
[2010/10/11 16:34:16 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\Ahead
[2010/10/11 16:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeroInstall.bak
[2010/09/27 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\Astar Games
[2010/09/27 12:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/21 19:49:03 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/21 19:49:03 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/21 19:46:25 | 000,739,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/21 19:46:25 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/21 19:46:25 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/21 19:45:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/21 19:45:16 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/21 19:45:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/21 19:45:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/21 19:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/21 19:41:38 | 1610,051,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/21 19:41:05 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000006-00001102-00000008-10011102}.rfx
[2010/10/21 19:41:04 | 000,033,712 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000006-00001102-00000008-10011102}.rfx
[2010/10/21 19:41:04 | 000,033,712 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000006-00001102-00000008-10011102}.rfx
[2010/10/21 19:41:04 | 000,029,772 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000001-00000000-00000006-00001102-00000008-10011102}.rfx
[2010/10/21 19:41:04 | 000,029,772 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000008-10011102}.rfx
[2010/10/21 19:36:25 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2010/10/21 19:21:14 | 000,001,648 | ---- | M] () -- C:\Users\ajddle\Desktop\RegistryBooster - Shortcut.lnk
[2010/10/20 12:37:29 | 000,002,234 | ---- | M] () -- C:\Users\ajddle\Desktop\Attach.zip
[2010/10/20 00:36:34 | 000,001,011 | ---- | M] () -- C:\Users\ajddle\Desktop\CCleaner.lnk
[2010/10/19 13:53:58 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/10/19 13:53:58 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/10/19 13:33:46 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/19 13:14:34 | 000,001,413 | ---- | M] () -- C:\Users\ajddle\Desktop\Internet Explorer (64-bit).lnk
[2010/10/19 1210 | 000,000,565 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/14 03:21:59 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 01:17:26 | 000,002,431 | ---- | M] () -- C:\Users\ajddle\Desktop\Twisted Lands Shadow Town CE.lnk
[2010/10/12 16:50:48 | 000,812,087 | ---- | M] () -- C:\Users\ajddle\Desktop\IMG_0527.JPG
[2010/10/11 17:26:14 | 000,002,746 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/10/11 17:02:09 | 000,001,067 | ---- | M] () -- C:\Users\ajddle\Desktop\Magic Video Converter.lnk
[2010/10/11 16:33:00 | 000,001,024 | ---- | M] () -- C:\Users\ajddle\.rnd
[2010/09/27 12:52:13 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/09/27 12:50:19 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/21 19:36:25 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2010/10/21 19:21:14 | 000,001,648 | ---- | C] () -- C:\Users\ajddle\Desktop\RegistryBooster - Shortcut.lnk
[2010/10/20 12:37:29 | 000,002,234 | ---- | C] () -- C:\Users\ajddle\Desktop\Attach.zip
[2010/10/20 12:10:34 | 000,293,376 | ---- | C] () -- C:\Users\ajddle\Desktop\gmer.exe
[2010/10/19 13:33:46 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/19 13:14:34 | 000,001,413 | ---- | C] () -- C:\Users\ajddle\Desktop\Internet Explorer (64-bit).lnk
[2010/10/19 1209 | 000,000,565 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/19 08:58:46 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/10/19 08:55:49 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/10/14 01:17:26 | 000,002,431 | ---- | C] () -- C:\Users\ajddle\Desktop\Twisted Lands Shadow Town CE.lnk
[2010/10/12 16:49:08 | 000,812,087 | ---- | C] () -- C:\Users\ajddle\Desktop\IMG_0527.JPG
[2010/10/11 17:26:14 | 000,002,746 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/10/11 17:02:09 | 000,001,067 | ---- | C] () -- C:\Users\ajddle\Desktop\Magic Video Converter.lnk
[2010/10/11 16:32:58 | 000,001,024 | ---- | C] () -- C:\Users\ajddle\.rnd
[2010/09/27 12:50:18 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/09/27 12:50:18 | 000,001,258 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/07/17 17:27:47 | 000,000,120 | ---- | C] () -- C:\Users\ajddle\AppData\Local\Vjurisa.dat
[2010/07/17 17:27:47 | 000,000,000 | ---- | C] () -- C:\Users\ajddle\AppData\Local\Ntazi.bin
[2010/07/14 09:53:00 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2010/03/15 10:21:13 | 000,001,049 | ---- | C] () -- C:\Windows\oregon.ini
[2009/12/31 00:14:36 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
[2009/12/15 11:49:51 | 000,000,094 | ---- | C] () -- C:\Users\ajddle\AppData\Local\fusioncache.dat
[2009/12/13 12:59:19 | 000,003,686 | ---- | C] () -- C:\Users\ajddle\AppData\Roaming\PStrip.bko
[2009/12/13 12:05:05 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/13 11:51:42 | 000,032,141 | ---- | C] () -- C:\Users\ajddle\AppData\Roaming\PStrip.ini
[2009/12/13 11:23:24 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/13 10:31:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/12/13 10:31:47 | 000,012,266 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/12/13 02:37:18 | 000,024,282 | ---- | C] () -- C:\Users\ajddle\AppData\Roaming\PStrip.bk!
[2009/12/13 02:37:04 | 000,003,686 | ---- | C] () -- C:\Users\ajddle\AppData\Roaming\PStrip.bak
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/02 16:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/04/25 11:36:48 | 002,011,136 | ---- | C] () -- C:\Users\ajddle\AppData\Roaming\WMC.exe
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AE67195
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DA321CD4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:25FBE882

< End of report >


OTL Extras logfile created on: 10/21/2010 11:28:19 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\ajddle\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.77 Gb Total Space | 98.32 Gb Free Space | 42.24% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 1.64 Gb Free Space | 2.20% Space Free | Partition Type: NTFS

Computer Name: AJDDLE-PC | User Name: ajddle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"ImgBurn" = ImgBurn
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"m.p3 Professional Edition" = m.p3 Professional Edition
"Magic Video Converter_is1" = Magic Video Converter 10.0.10.2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 17700" = Insurgency
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Twisted Lands Shadow Town Collectors Edition 1.00" = Twisted Lands Shadow Town Collectors Edition 1.00
"Veetle TV" = Veetle TV 0.9.17
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2010 3:05:34 AM | Computer Name = ajddle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...throotstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/14/2010 3:05:36 AM | Computer Name = ajddle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...throotstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/14/2010 3:05:49 AM | Computer Name = ajddle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...throotstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/16/2010 10:38:33 AM | Computer Name = ajddle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...throotstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/16/2010 10:38:33 AM | Computer Name = ajddle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...throotstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/16/2010 10:49:13 AM | Computer Name = ajddle-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000012fb00a Faulting process id: 0x188 Faulting
application start time: 0x01cb6d3dfb0e83fa Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: 8a5016da-d934-11df-8d21-00038a000015

Error - 10/19/2010 1:40:11 PM | Computer Name = ajddle-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary PStrip64. System Error: The system cannot find the file specified. .

Error - 10/19/2010 1:54:13 PM | Computer Name = ajddle-PC | Source = System Restore | ID = 8204
Description =

Error - 10/21/2010 12:29:48 AM | Computer Name = ajddle-PC | Source = System Restore | ID = 8209
Description =

Error - 10/21/2010 1227 PM | Computer Name = ajddle-PC | Source = pctsSvc.exe | ID = 0
Description =

[ System Events ]
Error - 8/3/2010 3:17:31 AM | Computer Name = ajddle-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >
__________________
poofter is offline  
Old 10-21-2010, 08:47 PM   #10
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,003
OS: XP Pro; XP Home; Win7 x86 & x64



Please double-click OTL.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O29:64bit: - HKLM SecurityProviders - (mqsdtmef.dll) - File not found
    O29 - HKLM SecurityProviders - (mqsdtmef.dll) - File not found
    [2010/10/19 08:58:46 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\At2.job
    [2010/10/19 08:55:49 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\At1.job
    [2010/07/17 17:27:47 | 000,000,120 | ---- | C] () -- C:\Users\ajddle\AppData\Local\Vjurisa.dat
    [2010/07/17 17:27:47 | 000,000,000 | ---- | C] () -- C:\Users\ajddle\AppData\Local\Ntazi.bin
    FF - HKLM\software\mozilla\Firefox\Extensions\\{AC61C660-144C-4B1F-94EE-9148DCF3FB82}: C:\Users\ajddle\AppData\Local\{AC61C660-144C-4B1F-94EE-9148DCF3FB82}\ [2010/07/17 17:27:44 | 000,000,000 | ---D | M]
    :commands
    [emptytemp]
  • Return to OTL, right click in the "Custom Scans/Fixes" section and choose Paste.
  • Click the red Run Fix button.
  • OTL may ask to reboot the machine. Please do so.
  • If OTL did not reboot the machine, click OK and the log will open. Post the contents of the log in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • I see you have Malwarebytes' AntiMalware installed.

    Please update its definitions, and run a new Quick Scan.
    • Launch Malwarebytes' Antimalware
    • On the updates tab, click on Check for Updates
    • If an update is found, it will begin. Once the update is complete:
    • Click on the Scanner tab. Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

    Also run OTL once again, using the Scan settings as we did previously. Post that new log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
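The fix script in the post above targets four classic persistence points: a per-user IE proxy forced to loopback (so a local process can intercept browser traffic), an extra DLL name in the LSA SecurityProviders list (loaded into lsass.exe at boot), two `At*.job` tasks created with at.exe, and a machine-wide Firefox extension registration pointing into the user's AppData. The following is an added example, not part of tetonbob's instructions and not OTL's own code: a read-only PowerShell audit that reports the same four locations so they can be reviewed on another machine before anything is deleted. It assumes an elevated PowerShell prompt on Windows 7 x64; the allowlist of SecurityProviders DLL names is my own assumption for the heuristic, not something the thread supplies.

```powershell
# Added example (not from the thread): read-only audit of the persistence points the OTL fix removes.
# Assumes Windows 7 x64 and an elevated PowerShell session. Nothing is modified or deleted.

$findings = @()

# 1. Per-user proxy hijack. ProxyServer pointing at loopback (the fix cleared http=127.0.0.1:6522)
#    means a process on this host is sitting between the browser and the network.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet.ProxyServer -match '127\.0\.0\.1|localhost') {
    $findings += "Proxy points at loopback: ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer)"
}

# 2. SecurityProviders: comma-separated REG_SZ of DLLs lsass.exe loads at boot. The SYSTEM hive is not
#    WOW64-redirected, which is why OTL reported the same entry under both its 64-bit and 32-bit scans.
#    Allowlist below is an assumption for this example; anything outside it, or missing on disk, is flagged.
$knownSsp = 'credssp.dll','msapsspc.dll','schannel.dll','digest.dll','msnsspc.dll','pwdssp.dll'
$spValue  = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders').SecurityProviders
foreach ($dll in ($spValue -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
    $onDisk = Test-Path (Join-Path $env:SystemRoot "System32\$dll")
    if (($knownSsp -notcontains $dll.ToLower()) -or (-not $onDisk)) {
        $findings += "SecurityProviders entry '$dll' (allowlisted=$($knownSsp -contains $dll.ToLower()), on disk=$onDisk)"
    }
}

# 3. Legacy at.exe jobs. The .job format is binary, but the target path is stored as UTF-16LE,
#    so decoding as Unicode and keeping printable characters exposes what each job would run.
Get-ChildItem (Join-Path $env:SystemRoot 'Tasks\At*.job') -ErrorAction SilentlyContinue | ForEach-Object {
    $bytes = [IO.File]::ReadAllBytes($_.FullName)
    $text  = [Text.Encoding]::Unicode.GetString($bytes) -replace '[^\x20-\x7E]+', ' '
    $findings += "at-job $($_.Name) (created $($_.CreationTime)): $text"
}

# 4. Machine-wide (HKLM) Firefox extension registrations whose path is inside a user profile.
#    A global extension normally lives under Program Files; an AppData path registered in HKLM
#    is the pattern the fix removed ({AC61C660-...} -> C:\Users\...\AppData\Local\...).
foreach ($root in 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
                  'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions') {
    if (-not (Test-Path $root)) { continue }
    foreach ($p in (Get-ItemProperty $root).PSObject.Properties) {
        if ($p.Name -match '^\{[0-9A-Fa-f-]+\}$' -and $p.Value -match '\\AppData\\') {
            $findings += "Global Firefox extension $($p.Name) -> $($p.Value)"
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Output "SUSPECT: $_" } }
else           { Write-Output 'No findings at the four audited locations.' }
```

Run it before and after a cleanup to confirm the entries are really gone; the SecurityProviders check in particular is worth keeping, because a DLL name left in that value keeps lsass.exe attempting to load it on every boot even after the file itself has been removed (OTL's "File not found" on the `O29` lines is exactly that state).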
Old 10-21-2010, 09:48 PM   #11
Registered Member
 
Join Date: Oct 2010
Posts: 12
OS: win7 64



OK, it did ask me to reboot after it was done. Here are the logs.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mqsdtmef.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mqsdtmef.dll deleted successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Users\ajddle\AppData\Local\Vjurisa.dat moved successfully.
C:\Users\ajddle\AppData\Local\Ntazi.bin moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{AC61C660-144C-4B1F-94EE-9148DCF3FB82} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC61C660-144C-4B1F-94EE-9148DCF3FB82}\ not found.
C:\Users\ajddle\AppData\Local\{AC61C660-144C-4B1F-94EE-9148DCF3FB82}\chrome\content folder moved successfully.
C:\Users\ajddle\AppData\Local\{AC61C660-144C-4B1F-94EE-9148DCF3FB82}\chrome folder moved successfully.
C:\Users\ajddle\AppData\Local\{AC61C660-144C-4B1F-94EE-9148DCF3FB82} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: ajddle
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 65536 bytes
->Java cache emptied: 24159628 bytes
->FireFox cache emptied: 45874226 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 68302 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10222010_002759

Files\Folders moved on Reboot...
C:\Users\ajddle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4907

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/22/2010 12:47:34 AM
mbam-log-2010-10-22 (00-47-34).txt

Scan type: Quick scan
Objects scanned: 139499
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
__________________
poofter is offline  
Old 10-21-2010, 10:17 PM   #12
Registered Member
 
Join Date: Oct 2010
Posts: 12
OS: win7 64



OTL logfile created on: 10/22/2010 1:14:16 AM - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\ajddle\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.77 Gb Total Space | 98.20 Gb Free Space | 42.19% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 1.64 Gb Free Space | 2.20% Space Free | Partition Type: NTFS

Computer Name: AJDDLE-PC | User Name: ajddle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/21 23:28:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ajddle\Desktop\OTL.exe
PRC - [2010/10/20 00:34:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/20 00:34:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/04/22 22:11:32 | 001,675,776 | ---- | M] (Flagship Industries, Inc.) -- C:\Program Files (x86)\Ventrilo\Ventrilo.exe


========== Modules (SafeList) ==========

MOD - [2010/10/21 23:28:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ajddle\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/14 09:43:17 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 20:04:43 | 000,332,720 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_40_1123.sys -- (WPRO_40_1123) WinPcap Packet Driver (WPRO_40_1123)
DRV:64bit: - [2010/08/24 17:28:30 | 000,502,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/08 17:56:19 | 000,034,120 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/01 0958 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2008/04/25 0318 | 000,029,696 | ---- | M] (Leaf Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\leafnets.sys -- (leafnets)
DRV:64bit: - [2007/04/12 08:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007/04/10 06:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007/04/10 04:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2007/04/10 04:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2007/04/10 04:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2007/04/10 04:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007/04/10 04:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007/04/10 04:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007/04/10 04:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007/04/10 04:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2007/04/10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/04/10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/04/10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/04/10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/04/10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/04/10 04:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007/04/10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/04/10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007/04/10 04:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007/04/10 04:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 78 43 37 02 7C CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://startskins.com/3385973558/"
FF - prefs.js..extensions.enabledItems: {0b521176-81b5-4849-b963-98c7a257827d}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=y2o7ryRJIwgIS8G50PiCfg&psa=&ind=2010042213&ptnrS=ZJfox000&si=&st=kwd&n=77cecf65&searchfor="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/21 19:45:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/21 19:45:25 | 000,000,000 | ---D | M]

[2009/12/13 12:23:21 | 000,000,000 | ---D | M] -- C:\Users\ajddle\AppData\Roaming\Mozilla\Extensions
[2010/10/21 23:35:12 | 000,000,000 | ---D | M] -- C:\Users\ajddle\AppData\Roaming\Mozilla\Firefox\Profiles\kb2dgs1r.default\extensions
[2010/04/22 15:23:14 | 000,000,000 | ---D | M] (OpinionSquare) -- C:\Users\ajddle\AppData\Roaming\Mozilla\Firefox\Profiles\kb2dgs1r.default\extensions\{0b521176-81b5-4849-b963-98c7a257827d}
[2010/05/21 08:59:21 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\ajddle\AppData\Roaming\Mozilla\Firefox\Profiles\kb2dgs1r.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/04/22 13:20:29 | 000,010,017 | ---- | M] () -- C:\Users\ajddle\AppData\Roaming\Mozilla\Firefox\Profiles\kb2dgs1r.default\searchplugins\mywebsearch.xml
[2010/10/21 23:35:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/21 19:45:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/21 19:45:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/17 17:27:30 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: killbox ([]* in Local intranet)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/01 06:08:57 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f056a5c0-afc6-11df-be71-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f056a5c0-afc6-11df-be71-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{f056a5c0-afc6-11df-be71-806e6f6e6963}\Shell\setup\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{f8512cc7-e80a-11de-91f8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f8512cc7-e80a-11de-91f8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\ASSETUP.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\CDautorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/22 00:27:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/21 23:28:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\ajddle\Desktop\OTL.exe
[2010/10/21 19:50:27 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\Windows Live
[2010/10/21 19:50:02 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/10/21 19:50:02 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/10/21 19:50:02 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/10/21 19:50:02 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/10/21 19:50:02 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/10/21 19:50:01 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/10/21 19:50:00 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/10/21 19:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/21 19:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/21 19:45:25 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/21 19:45:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/21 19:45:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/21 19:45:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/21 19:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/10/21 19:08:59 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Roaming\Uniblue
[2010/10/21 18:55:56 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\PackageAware
[2010/10/21 12:05:17 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\Threat Expert
[2010/10/21 09:33:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/10/21 0104 | 000,446,464 | ---- | C] (Protocol Engineering Pty Ltd) -- C:\Users\ajddle\Desktop\SpywareDoctorReset.exe
[2010/10/19 10:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/19 10:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/14 02:08:07 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Roaming\ERS Game Studios
[2010/10/14 02:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Stargaze
[2010/10/14 01:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2010/10/13 18:54:11 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 18:54:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 18:54:10 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 18:54:08 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/13 18:54:06 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 18:54:04 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/13 18:54:04 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/13 18:54:03 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 18:54:03 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 18:53:57 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/13 18:53:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/13 18:53:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/13 18:53:56 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/13 18:53:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/13 18:53:55 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/13 18:53:55 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/13 18:53:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/13 18:53:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/13 18:53:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/13 18:53:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/13 18:53:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/13 18:53:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/13 18:53:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/13 18:53:51 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 18:53:48 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 18:53:45 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 18:53:45 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 18:53:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/11 17:25:51 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Roaming\Ahead
[2010/10/11 17:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/10/11 17:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2010/10/11 17:02:44 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Roaming\DVDCreator
[2010/10/11 17:02:12 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/10/11 17:02:12 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/10/11 17:02:12 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/10/11 17:02:12 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/10/11 17:02:12 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Roaming\Real
[2010/10/11 17:02:12 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\Real
[2010/10/11 17:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/10/11 17:02:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\system
[2010/10/11 17:02:03 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010/10/11 17:02:03 | 000,308,224 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010/10/11 17:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magic Video Converter
[2010/10/11 16:34:16 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\Ahead
[2010/10/11 16:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeroInstall.bak
[2010/09/27 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\ajddle\AppData\Local\Astar Games
[2010/09/27 12:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/10/22 00:42:11 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/22 00:42:11 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/22 00:35:30 | 000,739,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/22 00:35:30 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/22 00:35:30 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/22 00:29:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/22 00:29:13 | 1610,051,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/22 00:28:40 | 000,033,712 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000006-00001102-00000008-10011102}.rfx
[2010/10/22 00:28:40 | 000,033,712 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000006-00001102-00000008-10011102}.rfx
[2010/10/22 00:28:40 | 000,029,772 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000001-00000000-00000006-00001102-00000008-10011102}.rfx
[2010/10/22 00:28:40 | 000,029,772 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000008-10011102}.rfx
[2010/10/22 00:28:40 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000006-00001102-00000008-10011102}.rfx
[2010/10/21 23:28:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ajddle\Desktop\OTL.exe
[2010/10/21 19:45:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/21 19:45:16 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/21 19:45:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/21 19:45:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/21 19:36:25 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2010/10/21 19:21:14 | 000,001,648 | ---- | M] () -- C:\Users\ajddle\Desktop\RegistryBooster - Shortcut.lnk
[2010/10/20 12:37:29 | 000,002,234 | ---- | M] () -- C:\Users\ajddle\Desktop\Attach.zip
[2010/10/20 00:36:34 | 000,001,011 | ---- | M] () -- C:\Users\ajddle\Desktop\CCleaner.lnk
[2010/10/19 13:33:46 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/19 13:14:34 | 000,001,413 | ---- | M] () -- C:\Users\ajddle\Desktop\Internet Explorer (64-bit).lnk
[2010/10/19 1210 | 000,000,565 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/14 03:21:59 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/14 01:17:26 | 000,002,431 | ---- | M] () -- C:\Users\ajddle\Desktop\Twisted Lands Shadow Town CE.lnk
[2010/10/12 16:50:48 | 000,812,087 | ---- | M] () -- C:\Users\ajddle\Desktop\IMG_0527.JPG
[2010/10/11 17:26:14 | 000,002,746 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/10/11 17:02:09 | 000,001,067 | ---- | M] () -- C:\Users\ajddle\Desktop\Magic Video Converter.lnk
[2010/10/11 16:33:00 | 000,001,024 | ---- | M] () -- C:\Users\ajddle\.rnd
[2010/09/27 12:52:13 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/09/27 12:50:19 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk

========== Files Created - No Company Name ==========

[2010/10/21 19:36:25 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2010/10/21 19:21:14 | 000,001,648 | ---- | C] () -- C:\Users\ajddle\Desktop\RegistryBooster - Shortcut.lnk
[2010/10/20 12:37:29 | 000,002,234 | ---- | C] () -- C:\Users\ajddle\Desktop\Attach.zip
[2010/10/20 12:10:34 | 000,293,376 | ---- | C] () -- C:\Users\ajddle\Desktop\gmer.exe
[2010/10/19 13:33:46 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/19 13:14:34 | 000,001,413 | ---- | C] () -- C:\Users\ajddle\Desktop\Internet Explorer (64-bit).lnk
[2010/10/19 1209 | 000,000,565 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/14 01:17:26 | 000,002,431 | ---- | C] () -- C:\Users\ajddle\Desktop\Twisted Lands Shadow Town CE.lnk
[2010/10/12 16:49:08 | 000,812,087 | ---- | C] () -- C:\Users\ajddle\Desktop\IMG_0527.JPG
[2010/10/11 17:26:14 | 000,002,746 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/10/11 17:02:09 | 000,001,067 | ---- | C] () -- C:\Users\ajddle\Desktop\Magic Video Converter.lnk
[2010/10/11 16:32:58 | 000,001,024 | ---- | C] () -- C:\Users\ajddle\.rnd
[2010/09/27 12:50:18 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/09/27 12:50:18 | 000,001,258 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/07/14 09:53:00 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2010/03/15 10:21:13 | 000,001,049 | ---- | C] () -- C:\Windows\oregon.ini
[2009/12/31 00:14:36 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
[2009/12/15 11:49:51 | 000,000,094 | ---- | C] () -- C:\Users\ajddle\AppData\Local\fusioncache.dat
[2009/12/13 12:59:19 | 000,003,686 | ---- | C] () -- C:\Users\ajddle\AppData\Roaming\PStrip.bko
[2009/12/13 12:05:05 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/13 11:51:42 | 000,032,141 | ---- | C] () -- C:\Users\ajddle\AppData\Roaming\PStrip.ini
[2009/12/13 11:23:24 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/13 10:31:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/12/13 10:31:47 | 000,012,266 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/12/13 02:37:18 | 000,024,282 | ---- | C] () -- C:\Users\ajddle\AppData\Roaming\PStrip.bk!
[2009/12/13 02:37:04 | 000,003,686 | ---- | C] () -- C:\Users\ajddle\AppData\Roaming\PStrip.bak
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/02 16:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/04/25 11:36:48 | 002,011,136 | ---- | C] () -- C:\Users\ajddle\AppData\Roaming\WMC.exe
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AE67195
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DA321CD4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3B5038B1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:25FBE882

< End of report >
__________________
poofter is offline  
Old 10-21-2010, 10:26 PM   #13
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,003
OS: XP Pro; XP Home; Win7 x86 & x64



Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Still getting popups?

What Antivirus do you have installed? I don't seem to see one on the logs.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 10-21-2010, 10:33 PM   #14
Registered Member
 
Join Date: Oct 2010
Posts: 12
OS: win7 64



The popups seem to be gone now. Thanks. Here are the logs. I have Bitdefender, but it's just not installed.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 01:30 on 22/10/2010 (ajddle)
Firefox version 3.6.11 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:33 19/10/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [23:45 21/10/2010]

C:\Users\ajddle\Application Data\Mozilla\Firefox\Profiles\kb2dgs1r.default\extensions\
{0b521176-81b5-4849-b963-98c7a257827d} [19:23 22/04/2010]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} [12:59 21/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-
__________________
poofter is offline  
Old 10-21-2010, 10:43 PM   #15

Great. Please install Bitdefender, update it, and run a full system scan.

Let me know if it finds anything. If you can produce a log, that would be good, but not critical.

Also post new logs from DDS.
__________________

tetonbob is offline  
Old 10-22-2010, 07:06 AM   #16

DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by ajddle at 10:02:26.04 on Fri 10/22/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1068 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\ajddle\Desktop\dds.com
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
SecurityProviders: credssp.dll,
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

================= FIREFOX ===================

FF - ProfilePath - C:\Users\ajddle\AppData\Roaming\Mozilla\Firefox\Profiles\kb2dgs1r.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://startskins.com/3385973558/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=y2o7ryRJIwgIS8G50PiCfg&psa=&ind=2010042213&ptnrS=ZJfox000&si=&st=kwd&n=77cecf65&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\ajddle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\ajddle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 leafnets;Leaf Networks Adapter;C:\Windows\System32\drivers\leafnets.sys [2008-4-25 29696]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-4 1255736]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-7-14 79360]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]

=============== Created Last 30 ================

2010-10-22 07:01:40 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{89E47159-1C15-4213-8E21-F297157466FB}\mpengine.dll
2010-10-22 04:27:59 -------- d-----w- C:\_OTL
2010-10-21 23:51:42 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e84f14ee1cb717a2e\InstallManager_WLE_WLE.exe
2010-10-21 23:51:26 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dfd579021cb717a23\MeshBetaRemover.exe
2010-10-21 23:51:11 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d6bc1f881cb717a1b\DSETUP.dll
2010-10-21 23:51:11 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d6bc1f881cb717a1b\DXSETUP.exe
2010-10-21 23:51:11 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d6bc1f881cb717a1b\dsetup32.dll
2010-10-21 23:51:10 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d5731b041cb717a1a\DSETUP.dll
2010-10-21 23:51:10 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d5731b041cb717a1a\DXSETUP.exe
2010-10-21 23:51:10 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d5731b041cb717a1a\dsetup32.dll
2010-10-21 23:50:27 -------- d-----w- C:\Users\ajddle\AppData\Local\Windows Live
2010-10-21 23:50:02 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-21 23:50:02 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-21 23:50:02 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-21 23:50:02 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-21 23:50:02 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-21 23:50:01 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-21 23:50:00 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-21 23:45:25 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-21 23:45:25 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-21 23:20:14 -------- d-----w- C:\Program Files (x86)\Uniblue
2010-10-21 23:08:59 -------- d-----w- C:\Users\ajddle\AppData\Roaming\Uniblue
2010-10-21 22:55:56 -------- d-----w- C:\Users\ajddle\AppData\Local\PackageAware
2010-10-21 16:05:17 -------- d-----w- C:\Users\ajddle\AppData\Local\Threat Expert
2010-10-21 13:33:00 -------- d-----w- C:\TDSSKiller_Quarantine
2010-10-19 14:28:47 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-10-19 14:28:47 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-10-14 06:08:07 -------- d-----w- C:\Users\ajddle\AppData\Roaming\ERS Game Studios
2010-10-14 06:07:43 -------- d-----w- C:\PROGRA~3\Alawar Stargaze
2010-10-14 05:17:00 -------- d-----w- C:\Program Files (x86)\Games
2010-10-11 21:25:23 -------- d-----w- C:\PROGRA~3\Nero
2010-10-11 21:01:59 -------- d-----w- C:\Program Files (x86)\Magic Video Converter
2010-10-11 20:34:16 -------- d-----w- C:\Users\ajddle\AppData\Local\Ahead
2010-10-11 20:34:15 -------- d-----w- C:\Program Files (x86)\NeroInstall.bak
2010-09-29 07:00:11 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 06:49:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 06:49:56 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-29 06:49:54 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-29 06:49:54 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-27 16:52:34 -------- d-----w- C:\Users\ajddle\AppData\Local\Astar Games
2010-09-27 16:50:17 -------- d-----w- C:\Program Files (x86)\bfgclient
2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

==================== Find3M ====================

2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 10:02:38.79 ===============
Attached Files: Attach.zip (2.6 KB)
__________________
poofter is offline  
Old 10-22-2010, 07:26 AM   #17

Hi. I don't see that Bitdefender has been installed. Was there a problem with that?

Having no antivirus protection leaves the machine insecure and subject to attack.

Here are a few very good free antivirus products that are available:
__________________

tetonbob is offline  
Old 10-22-2010, 10:42 AM   #18

Where would the log be after Microsoft Security Essentials is done scanning?
__________________
poofter is offline  
Old 10-22-2010, 11:01 AM   #19

Hi -

That is one of the few drawbacks of MS SE, but it's not alone in that. Several AVs make it challenging to get scan logs.

There is no option in the program to view logs. However, you will see information in History if a threat has been detected and acted upon. If nothing is there, no threat was found.

If the machine is behaving well, I can post some final housekeeping instructions for you.
__________________

tetonbob is offline  
Old 10-22-2010, 11:02 AM   #20

It says it removed it, and yes, the machine does seem to be working well.

Category: Trojan Downloader

Description: This program is dangerous and downloads other programs.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
containerfile:D:\ajs stuff\Danielles Music\Nevershoutnever! - BigCityDreams.mp3
file:D:\ajs stuff\Danielles Music\Nevershoutnever! - BigCityDreams.mp3->(ASF_Script_Commands)

Get more information about this item online.

__________________
poofter is offline  
 

Copyright 2001 - 2014, Tech Support Forum