(help me please) exploit pharmacy spamsite type1173


Post by tricia9000 on 29th September 2010, 7:59 pm

People have told me that I have been sending them emails. One was sent 9/22/10 with [You must be registered and logged in to see this link.] in the message, and when I try to go there my antivirus gives me a block. I need to remove this and stop it from invading and sending out emails to my address book.

help please
tricia

OTL logfile created on: 9/29/2010 2:18:12 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Shorty\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 11.00% Memory free
8.00 Gb Paging File | 4.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 540.48 Gb Free Space | 92.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHORTY-PC
Current User Name: Shorty
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/29 14:16:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.com
PRC - [2010/08/25 07:27:33 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/07/21 08:43:17 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 09:34:36 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 09:34:31 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:33:55 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/31 11:42:56 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/03/25 17:08:06 | 001,573,376 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
PRC - [2006/06/22 14:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe


========== Modules (SafeList) ==========

MOD - [2010/09/29 14:16:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.com
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/07/21 08:43:17 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 09:34:31 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe -- (SftService)
SRV - [2009/12/17 13:46:44 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/05/21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/15 09:34:36 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/15 09:33:56 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/06 02:57:51 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/03/04 13:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/09 21:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/13 21:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/06 02:29:38 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 02:52:08 | 000,100,864 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viacr64.sys -- (VIACRX64)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/06 02:50:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} [You must be registered and logged in to see this link.] (Imikimi_activex_plugin Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/09/29 14:16:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.com
[2010/09/29 13:11:51 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\JavaRa
[2010/09/29 03:00:31 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/15 03:02:19 | 000,000,000 | ---D | C] -- C:\fd7fabcd81f3973a4af2f40c3711
[2010/09/15 03:00:54 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/31 18:11:29 | 000,000,000 | --SD | C] -- C:\Users\Shorty\Documents\My Data Sources
[2010/05/03 23:40:14 | 000,040,960 | ---- | C] ( ) -- C:\Windows\Interop.OR4PhotoComponent.dll
[2010/03/16 03:22:53 | 000,040,960 | ---- | C] ( ) -- C:\Windows\SysWow64\MACTrackBarLib.dll
[2010/02/12 08:48:00 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Shorty\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2010/09/29 14:20:04 | 006,291,456 | -HS- | M] () -- C:\Users\Shorty\ntuser.dat
[2010/09/29 14:16:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.com
[2010/09/29 13:11:04 | 000,156,329 | ---- | M] () -- C:\Users\Shorty\Desktop\JavaRa.zip
[2010/09/29 12:41:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/29 12:41:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/29 08:18:04 | 065,437,042 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/29 07:22:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/29 03:18:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/29 03:17:46 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/29 03:16:48 | 006,977,294 | -H-- | M] () -- C:\Users\Shorty\AppData\Local\IconCache.db
[2010/08/31 00:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll

========== Files Created - No Company Name ==========

[2010/09/29 13:11:03 | 000,156,329 | ---- | C] () -- C:\Users\Shorty\Desktop\JavaRa.zip
[2010/05/03 23:40:15 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\LLHttpsUpload2.dll
[2010/05/03 23:40:14 | 000,032,768 | ---- | C] () -- C:\Windows\AxInterop.OR4PhotoComponent.dll
[2010/03/16 03:22:56 | 002,592,768 | ---- | C] () -- C:\Windows\SysWow64\InvestintechConversionDLL.dll
[2010/03/16 03:21:56 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\regobj.dll
[2010/03/16 03:21:55 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\LWLLHttpsUpload2.dll
[2010/02/22 03:10:18 | 000,001,688 | ---- | C] () -- C:\Users\Shorty\AppData\Roaming\wklnhst.dat
[2010/02/12 16:00:29 | 000,017,072 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/12/17 15:31:36 | 000,003,278 | RH-- | M] () -- C:\dell.sdr
[2010/09/29 03:17:46 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 19:24:07 | 000,001,211 | ---- | M] () -- C:\install.log
[2010/05/10 21:07:19 | 000,000,694 | -H-- | M] () -- C:\IPH.PH
[2010/05/10 09:25:43 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/09/29 03:17:56 | 4258,062,336 | -HS- | M] () -- C:\pagefile.sys
[2006/08/07 13:21:18 | 004,636,672 | ---- | M] (Amyuni Technologies) -- C:\Setup.exe

< %PROGRAMFILES%\*. >
[2010/08/23 19:39:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/07/12 00:37:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/02/12 09:16:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010/07/12 00:37:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/06/06 02:46:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CA
[2009/12/17 13:46:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2010/06/08 23:30:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\comcasttb
[2010/08/23 19:39:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2009/12/17 14:00:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2009/12/17 13:59:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative Live! Cam
[2009/12/17 13:53:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/06/20 20:38:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2010/09/29 07:23:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2009/12/17 13:49:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Support Center
[2009/12/17 14:00:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
[2010/02/15 23:55:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FrostWire
[2010/06/06 12:33:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/07/02 00:14:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2010/04/12 03:20:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Imikimi
[2010/05/03 23:40:08 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/29 03:16:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/03/07 11:04:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ItsDeductibleEX
[2010/07/21 08:50:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/06/10 19:23:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/06/10 19:25:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JRE
[2010/06/08 17:46:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/17 13:56:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/06/20 22:31:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2009/12/17 13:48:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/06/20 22:34:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/09/29 03:17:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/06/06 02:07:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Small Business
[2010/06/05 10:42:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
[2010/06/20 22:34:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2009/12/17 13:58:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/06/20 22:34:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/06/01 08:00:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/06/20 22:32:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/06/08 01:45:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/27 03:03:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/20 22:34:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/02/13 04:00:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/07/01 23:54:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Myxer
[2010/03/01 20:18:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Myxer Inc
[2010/05/03 23:41:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OfficeReady 4.0
[2010/06/10 19:25:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/07/12 00:37:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2009/12/17 14:02:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2010/04/11 15:13:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Southwest Airlines
[2010/04/14 15:22:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/02/26 14:38:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TurboTax
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2009/12/17 13:59:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2009/12/17 13:56:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/12 03:02:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/02/12 08:44:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 00:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/02/12 16:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

< %appdata%\*.* >
[2010/02/12 08:49:18 | 008,653,312 | ---- | M] (Dell, Inc. ) -- C:\Users\Shorty\AppData\Roaming\DataSafeDotNet.exe
[2010/04/03 01:03:14 | 000,001,688 | ---- | M] () -- C:\Users\Shorty\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >
< End of report >

Last edited by tricia9000 on 29th September 2010, 8:06 pm; edited 1 time in total (Reason for editing : forgot to copy otl text)

Re: (help me please) exploit phamacy spamsite type1173

Post by Belahzur on 29th September 2010, 11:40 pm

Hello.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Re: (help me please) exploit phamacy spamsite type1173

Post by tricia9000 on 30th September 2010, 12:47 am

I hope this is what you wanted. Also, about 3-4 weeks ago they said it sent an email for Viagra.



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron One 19A
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 193):
0x02A57000 \SystemRoot\system32\ntoskrnl.exe
0x02A0E000 \SystemRoot\system32\hal.dll
0x00BA6000 \SystemRoot\system32\kdcom.dll
0x00C09000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C4D000 \SystemRoot\system32\PSHED.dll
0x00C61000 \SystemRoot\system32\CLFS.SYS
0x00CBF000 \SystemRoot\system32\CI.dll
0x00EA0000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F44000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F53000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FAA000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FB3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FBD000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FF0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E86000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00E8E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00D7F000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00D86000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DA0000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DA9000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00DD3000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010CB000 \SystemRoot\system32\drivers\fltmgr.sys
0x01117000 \SystemRoot\system32\drivers\fileinfo.sys
0x0112B000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01233000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01137000 \SystemRoot\System32\Drivers\msrpc.sys
0x013D6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014D4000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0148B000 \SystemRoot\System32\Drivers\spldr.sys
0x01493000 \SystemRoot\System32\drivers\rdyboost.sys
0x015C6000 \SystemRoot\System32\Drivers\mup.sys
0x015D8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01195000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015E1000 \SystemRoot\system32\DRIVERS\disk.sys
0x011CF000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0284E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02878000 \SystemRoot\System32\Drivers\Null.SYS
0x02881000 \SystemRoot\System32\Drivers\Beep.SYS
0x02888000 \SystemRoot\System32\drivers\vga.sys
0x02896000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x028BB000 \SystemRoot\System32\drivers\watchdog.sys
0x028CB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x028D4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x028DD000 \SystemRoot\system32\drivers\rdprefmp.sys
0x028E6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x028F1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03603000 \SystemRoot\System32\drivers\tcpip.sys
0x02902000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0294C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0296A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02977000 \SystemRoot\System32\Drivers\avgtdia.sys
0x02800000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03805000 \SystemRoot\system32\drivers\afd.sys
0x0388F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03898000 \SystemRoot\system32\DRIVERS\pacer.sys
0x038BE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x038CD000 \SystemRoot\system32\DRIVERS\serial.sys
0x038EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03905000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03919000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0396A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03976000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03981000 \SystemRoot\System32\drivers\discache.sys
0x03990000 \SystemRoot\System32\Drivers\dfsc.sys
0x039AE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x039BF000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03AE0000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03B27000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03B4D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0442B000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x03C13000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03D07000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03D4D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03D71000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x03DAF000 \SystemRoot\system32\DRIVERS\viacr64.sys
0x03DCC000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x04B33000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03DEC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04B8A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03C00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04BE0000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04400000 \SystemRoot\system32\DRIVERS\parport.sys
0x0441D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04BEC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03B63000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03B79000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03B9D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03BA9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03BD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03A21000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03A3B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03A4A000 \SystemRoot\system32\DRIVERS\mouclass.sys

Processes (total 81):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-75A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


Last edited by tricia9000 on 30th September 2010, 12:49 am; edited 1 time in total (Reason for editing : added details)


Re: (help me please) exploit phamacy spamsite type1173

Post by Belahzur on 30th September 2010, 11:31 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: (help me please) exploit phamacy spamsite type1173

Post by tricia9000 on 15th October 2010, 2:16 am

Sorry it has taken so long for me to return, but I lost my connection. I have malware and ran a scan, and nothing was in the Notepad log. Now what? Just 3 days ago it sent out yet another email. I read some other posts and ran MBRCheck, and here is the log.


Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron One 19A
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 193):



Re: (help me please) exploit phamacy spamsite type1173

Post by Belahzur on 15th October 2010, 10:50 pm

The log was cut off, but we checked the MBR and it's fine.

Please run MBAM.



