Trojans and Malware...logs attached. Part 1


Trojans and Malware...logs attached. Part 1

Post by lhannah3665 on Tue 13 Dec 2011, 1:16 pm

Here are the requested logs (part 1)
Extras.txt
OTL Extras logfile created on: 12/12/2011 7:59:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\mom\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 48.63% Memory free
6.19 Gb Paging File | 4.25 Gb Available in Paging File | 68.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.49 Gb Total Space | 111.56 Gb Free Space | 38.67% Space Free | Partition Type: NTFS
Drive D: | 9.60 Gb Total Space | 1.30 Gb Free Space | 13.56% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 283.93 Gb Free Space | 95.25% Space Free | Partition Type: NTFS

Computer Name: FRED | User Name: mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Windows\TEMP\hpnhae\setup.exe" = C:\Windows\TEMP\hpnhae\setup.exe:*:Enabled:setup


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{089BFEAC-D1D8-4AC7-A70E-3C5A03E642AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{187D7F55-EFDC-4583-ACD3-D8464ABB5412}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1AF0C643-52C5-4AFD-9A0E-C372A869C9D3}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1B30B513-4D78-4333-BADD-8320E0FD76B3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cloning clyde demo\cloningclyde.exe |
"{2162D9FF-E278-454E-928D-B37609170083}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dc universe online\launchpad.exe |
"{24DF6B03-5DFD-40A9-8EF6-91EC8110F3D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{2DE9F40F-9ABD-40CF-91A2-3854B7485BD4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2F291AFE-D0B8-4B4F-AFC9-58382B90441A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{3094B95C-3BCE-4AAC-8168-BB6ACD358BA8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\demolitioninc\finaldgamegl.exe |
"{32309D6F-37A6-4894-9184-2A2BB65A1AC7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3ED0B2C5-B4A5-4B4A-BBBE-00583E0BF6E9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{42646F1D-99E5-49AB-AAE6-8EA5B1DAFCAB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{49157A15-1A02-47F8-89D0-BC80C75787B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{4E2F298E-C738-44E0-837B-24918A419435}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{4EE179BF-2B6F-4B73-B69D-63581322F1BD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{52D9830E-4EA8-4923-A9DA-4FBFB957E73D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5F5F6531-F133-4E17-882E-8DE3EF3523AB}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{5FB0F52D-F495-4439-9354-3BDD0B0F573F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{650A77F7-4A12-44D1-BE60-AFD4CC5D45EE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{6BF33EA9-BB7A-4151-923D-6224B3BCC95E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6E8CE4C0-7EF4-4BE8-9263-D00418994111}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{753B9B0C-E76A-46F2-983D-9D4A5AC51F8D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dc universe online\launchpad.exe |
"{75B1FF60-87E5-4E5D-941E-A0B7DC18B3EB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{77F3281D-185E-4790-878D-5B63C8BF998A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\demolitioninc\finaldgamegl.exe |
"{7BE019C2-C87F-4A39-904F-53958FA1CD46}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{7D82F5A1-1611-4403-8E92-278FF7728DA6}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{88B0ED92-ED99-4A7D-83CC-64C2B1045969}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{89840F51-EAD0-4614-B0AC-814B97229B2C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{9BD663F2-0C8D-4443-A28B-CB5D175E772F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\spider1393947\garrysmod\hl2.exe |
"{A237F7D6-9E52-41FF-BA5F-120A26BD5F00}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{A792D315-FCE9-4966-9EE1-DB9AC5789498}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{AF66D6FA-2863-4D5E-8839-B87404540600}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{BB588A75-248E-4231-884E-ED327DB03632}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BBF52FC7-A57F-4D1D-9C74-308D509F5E34}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C070A9EB-11A6-4808-86EC-1567C054FA77}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C098EDDE-E000-4CEC-BE24-271CC1F93F5E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{D4E28F52-FA40-42A6-93A1-8C59F6F9ADEC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D749C27A-7A04-4751-BB18-AAE59C8BE537}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{DF495985-AAAB-48D9-A4E0-0200308C01BE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\spider1393947\garrysmod\hl2.exe |
"{E073820C-F42B-454F-880A-45EB992DE92B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EAF87EA5-B08B-4BAE-8F77-BB75A91EA0AF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F15D811C-BBF5-4F1A-8406-BFFB34757AE2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F8FFCADB-1FCF-4C35-B71D-378252EF9A07}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{FB25DA34-F3AA-475D-BBC8-37242EC3F852}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{FBBEBD6E-5D27-47F4-ADFE-A8479458694E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cloning clyde demo\cloningclyde.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alex the Allegator 4_is1" = Alex4 v1.1
"am-5spotsii" = 5 Spots II
"am-amazingadventuresaroundtheworldtm" = Amazing Adventures Around the World(TM)
"am-amazingadventuresthelosttombtm" = Amazing Adventures The Lost Tomb(TM)
"am-bloodties" = Blood Ties
"am-caribbeanmahjong" = Caribbean Mah Jong
"am-collapsecrunch" = Collapse! Crunch
"am-cosmicbugs" = Cosmic Bugs
"am-cuemastergold" = Cue Master Gold
"am-dreamchronicles" = Dream Chronicles
"am-feedingfrenzy2" = Feeding Frenzy 2
"am-fizzball" = FizzBall
"am-grannyinparadise" = Granny in Paradise
"amg-tropix" = Tropix
"amg-tropixtm2thequestforthegoldenbanana" = Tropix(TM) 2 - The Quest For the Golden Banana
"amg-wordslinger" = Word Slinger
"am-hamsterball" = Hamsterball
"am-jewelquest" = Jewel Quest
"am-littleshopmemories" = Little Shop - Memories
"am-littleshopoftreasures" = Little Shop of Treasures
"am-littleshopoftreasures2" = Little Shop of Treasures 2
"am-littleshopworldtraveler" = Little Shop - World Traveler
"am-magicball2newworlds" = Magic Ball 2 New Worlds
"am-marooned" = Marooned
"am-mortimerbeckettandthesecretsofspookymanor" = Mortimer Beckett and the Secrets of Spooky Manor
"am-mortimerbeckettandthetimeparadox" = Mortimer Beckett and the Time Paradox
"am-pandacrazegold" = Panda Craze Gold
"am-rocketbowl" = RocketBowl
"am-scrabble" = SCRABBLE
"am-shapeshifter" = Shape Shifter
"am-skybubblesdeluxe" = Sky Bubbles Deluxe
"am-snowythebearsadventures" = Snowy - The Bear's Adventures
"am-snowytreasurehunter2" = Snowy - Treasure Hunter 2
"am-splash" = Splash
"am-springsprangsprung" = Spring Sprang Sprung
"am-supergranny3" = Super Granny 3
"am-themysteryofthecrystalportal" = The Mystery of the Crystal Portal
"am-triviamachine" = Trivia Machine
"am-turtleodyssey2" = Turtle Odyssey 2
"am-vampiresagawelcometohelllock" = Vampire Saga - Welcome to Hell Lock
"am-varmintz" = Varmintz
"am-waterbugs" = Water Bugs
"am-wikthefableofsouls" = Wik & The Fable Of Souls
"am-wizardspentm" = Wizard's Pen(TM)
"AVG" = AVG 2012
"BFG-A Series of Unfortunate Events" = A Series of Unfortunate Events
"BFG-Azada" = Azada ®
"BFGC" = Big Fish Games: Game Manager
"BFG-Crazy Machines - New from the Lab" = Crazy Machines: New from the Lab
"BFG-Drawn - Dark Flight" = Drawn: Dark Flight ®
"BFG-Drawn - The Painted Tower" = Drawn®: The Painted Tower ™
"BFG-Drawn - Trail of Shadows" = Drawn™: Trail of Shadows
"BFG-Dream Chronicles - The Book of Water" = Dream Chronicles: The Book of Water
"BFG-Fizzball" = Fizzball
"BFG-Grim Tales - The Bride Collector's Edition" = Grim Tales: The Bride Collector's Edition
"BFG-Lost Souls - Enchanted Paintings Collector's Edition" = Lost Souls: Enchanted Paintings Collector's Edition
"BFG-Mystery Case Files - Escape from Ravenhearst Collector's Edition" = Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition
"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate ®
"BFG-Pahelika - Secret Legends" = Pahelika: Secret Legends
"BFG-Patricias Quest for Sun" = Patricia's Quest for Sun
"BFG-Professor Fizzwizzle" = Professor Fizzwizzle
"BFG-Secrets of Great Art" = Secrets of Great Art
"BFG-Shades of Death - Royal Blood" = Shades of Death: Royal Blood
"BFG-SpongeBob Atlantis SquareOff" = SpongeBob Atlantis SquareOff
"BFG-SpongeBob SquarePants Obstacle Odyssey" = SpongeBob SquarePants Obstacle Odyssey
"BFG-SpongeBob SquarePants Obstacle Odyssey 2" = SpongeBob SquarePants Obstacle Odyssey 2
"BFG-Steve the Sheriff - The Case of the Missing Thing" = Steve the Sheriff 2: The Case of the Missing Thing ™
"BFG-Tasty Planet - Back for Seconds" = Tasty Planet: Back for Seconds
"BFG-The Amazing Brain Train" = The Amazing Brain Train
"BFG-Time Mysteries - The Ancient Spectres Collectors Edition" = Time Mysteries: The Ancient Spectres Collector's Edition
"BFG-Virtual Families" = Virtual Families
"BFG-Virtual Villagers - New Believers" = Virtual Villagers: New Believers
"BFG-Virtual Villagers - The Tree of Life" = Virtual Villagers: The Tree of Life
"BFG-Wonderland Adventures - Mysteries of Fire Island" = Wonderland Adventures: Mysteries of Fire Island
"BFG-World of Goo" = World of Goo
"BFG-Yumsters! 2" = Yumsters! 2
"Blockland" = Blockland
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Crossrider" = Crossrider Web Apps
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"DragonNest" = DragonNest
"Google Chrome" = Google Chrome
"Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Kidzui" = Kidzui
"LogMeIn Hamachi" = LogMeIn Hamachi
"MapleStory" = MapleStory
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MPlayer" = MPlayer (remove only)
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"New LEGO Digital Designer" = LEGO Digital Designer
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Pahelika: Secret Legends" = Pahelika: Secret Legends
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Portforward Static IP Address" = Portforward Static IP Address 1.0.47
"Steam App 17390" = Spore
"Steam App 24200" = DC Universe Online
"Steam App 4000" = Garry's Mod
"Steam App 410" = Portal: First Slice
"Steam App 440" = Team Fortress 2
"Steam App 91820" = Cloning Clyde Demo
"Steam App 98610" = Demolition, Inc. Demo
"Steam App 99900" = Spiral Knights
"UnityWebPlayer" = Unity Web Player
"Web Games Player Plugin" = Web Games Player Plugin
"WebcamMax" = WebcamMax
"WildTangent hp Master Uninstall" = My HP Games
"Wonderland v1.17 Demo_is1" = Wonderland v1.17
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Converter" = FoxTab PDF Converter
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2011 4:11:25 PM | Computer Name = fred | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/12/2011 4:19:27 PM | Computer Name = fred | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/12/2011 7:27:15 PM | Computer Name = fred | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/12/2011 7:29:25 PM | Computer Name = fred | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/12/2011 7:35:23 PM | Computer Name = fred | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/12/2011 8:06:14 PM | Computer Name = fred | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/12/2011 8:08:23 PM | Computer Name = fred | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/12/2011 8:14:24 PM | Computer Name = fred | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/12/2011 8:22:23 PM | Computer Name = fred | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 12/12/2011 8:30:23 PM | Computer Name = fred | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

[ Media Center Events ]
Error - 9/7/2011 9:03:31 PM | Computer Name = fred | Source = ehRecvr | ID = 3
Description =

Error - 9/7/2011 9:03:43 PM | Computer Name = fred | Source = ehRecvr | ID = 3
Description =

Error - 9/7/2011 9:34:13 PM | Computer Name = fred | Source = ehRecvr | ID = 3
Description =

Error - 9/7/2011 9:34:25 PM | Computer Name = fred | Source = ehRecvr | ID = 3
Description =

Error - 9/30/2011 10:14:40 PM | Computer Name = fred | Source = ehRecvr | ID = 3
Description =

Error - 9/30/2011 10:14:52 PM | Computer Name = fred | Source = ehRecvr | ID = 3
Description =

Error - 9/30/2011 10:15:50 PM | Computer Name = fred | Source = ehRecvr | ID = 3
Description =

Error - 9/30/2011 10:16:02 PM | Computer Name = fred | Source = ehRecvr | ID = 3
Description =

Error - 10/1/2011 10:43:21 PM | Computer Name = fred | Source = ehRecvr | ID = 3
Description =

Error - 10/1/2011 10:43:32 PM | Computer Name = fred | Source = ehRecvr | ID = 3
Description =

[ System Events ]
Error - 9/28/2011 2:29:13 PM | Computer Name = fred | Source = DCOM | ID = 10016
Description =

Error - 9/28/2011 2:29:15 PM | Computer Name = fred | Source = DCOM | ID = 10016
Description =

Error - 9/28/2011 2:29:17 PM | Computer Name = fred | Source = DCOM | ID = 10016
Description =

Error - 9/28/2011 2:29:21 PM | Computer Name = fred | Source = DCOM | ID = 10016
Description =

Error - 9/28/2011 2:29:26 PM | Computer Name = fred | Source = DCOM | ID = 10016
Description =

Error - 9/28/2011 2:30:01 PM | Computer Name = fred | Source = DCOM | ID = 10016
Description =

Error - 9/28/2011 2:30:01 PM | Computer Name = fred | Source = DCOM | ID = 10016
Description =

Error - 9/28/2011 2:30:02 PM | Computer Name = fred | Source = DCOM | ID = 10016
Description =

Error - 9/28/2011 2:30:02 PM | Computer Name = fred | Source = DCOM | ID = 10016
Description =

Error - 9/28/2011 2:30:03 PM | Computer Name = fred | Source = DCOM | ID = 10016
Description =


< End of report >


checkup.txt
Results of screen317's Security Check version 0.99.28
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


lhannah3665

Newbie Surfer

Posts : 5
Joined : 2011-12-13
Operating System : vista



Trojans and Malware...logs attached. Part 2

Post by lhannah3665 on Tue 13 Dec 2011, 1:20 pm

More logs
otl.txt
OTL logfile created on: 12/12/2011 7:59:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\mom\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 48.63% Memory free
6.19 Gb Paging File | 4.25 Gb Available in Paging File | 68.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.49 Gb Total Space | 111.56 Gb Free Space | 38.67% Space Free | Partition Type: NTFS
Drive D: | 9.60 Gb Total Space | 1.30 Gb Free Space | 13.56% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 283.93 Gb Free Space | 95.25% Space Free | Partition Type: NTFS

Computer Name: FRED | User Name: mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/12 19:58:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\mom\Downloads\OTL.com
PRC - [2011/12/11 23:32:49 | 000,246,624 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/12/11 23:32:47 | 000,218,464 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/08/17 19:41:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2011/08/15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/02 02:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/16 23:56:48 | 001,038,848 | ---- | M] () -- C:\Program Files\WebcamMax\wcmmon.exe
PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 05:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/14 14:00:00 | 000,608,584 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2007/10/25 08:52:08 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/11/02 04:45:39 | 000,150,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
PRC - [2006/11/02 04:45:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/11 23:32:47 | 000,218,464 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/07/16 23:56:48 | 001,038,848 | ---- | M] () -- C:\Program Files\WebcamMax\wcmmon.exe
MOD - [2006/11/02 04:46:10 | 000,227,328 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/11/02 04:46:10 | 000,227,328 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/11 23:32:49 | 000,246,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/12/09 18:32:50 | 000,096,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL -- (SPService)
SRV - [2011/11/20 16:50:11 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/13 21:19:37 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/06/23 01:43:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011/05/21 05:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/01 04:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C310(UVC)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 06:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/07 09:36:08 | 000,156,928 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\xcbda.sys -- (xcbdaNtsc) ViXS Tuner Card (NTSC)
DRV - [2006/11/02 03:31:04 | 000,074,752 | ---- | M] () [File_System | Unknown | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B0702ef53-c05d-4509-b489-3a17493565bf%7D&mid=9a6595e03f1047d1a066d157ca9140f9-f9d08582415a52adbaebc151e40d9cfaaedecd1e&ds=AVG&v=8.0.0.40&lang=en&pr=pr&d=2011-11-07%2002%3A22%3A59&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mom\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\mom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/09/11 19:22:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/11 23:33:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/08 17:46:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/17 18:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mom\AppData\Roaming\Mozilla\Extensions
[2011/12/12 19:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\6cdwg97z.default\extensions
[2011/12/07 09:06:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\6cdwg97z.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/09 15:47:32 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\6cdwg97z.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/12/11 23:32:59 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\6cdwg97z.default\extensions\avg@toolbar
[2011/11/08 15:37:57 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\6cdwg97z.default\extensions\toolbar@ask.com
[2011/11/07 04:00:24 | 000,003,847 | ---- | M] () -- C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\6cdwg97z.default\searchplugins\avg-secure-search.xml
[2011/11/08 17:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/04 17:36:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\MOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6CDWG97Z.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}.XPI
() (No name found) -- C:\USERS\MOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6CDWG97Z.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
[2011/11/08 17:46:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/02 17:59:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/08 17:46:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = [You must be registered and logged in to see this link.] 02:22:59&v=8.0.0.40&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = [You must be registered and logged in to see this link.]
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mom\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Angry Animals = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlfjdhknicfcheaebndnajchdcbfhfe\1.3_0\
CHR - Extension: Bounceball = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnonnffemhpfblohaicmfmofbfaaoobf\1.1_0\
CHR - Extension: Angry Birds Rio = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdlekfaiefblildbbeanghnhjgdanjjh\2.3_0\
CHR - Extension: Angry Birds v2.2 = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hikhjekfmonnfeifellicglejlbofbha\2.2_0\
CHR - Extension: AVG Safe Search = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
CHR - Extension: Premiumplay Codec-C = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.13.21_0\
CHR - Extension: Angry Cows = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbilfnpbilephjlhiffjlnddoidhbill\1.1_0\
CHR - Extension: Cargo Bridge = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Skype Click to Call = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\
CHR - Extension: Nyan Cat = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\neimpplmbdhflkfojgmplkgflkgmodpd\3.0_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\wcmmon.exe ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36937FF7-1F22-4576-8665-B5965D4D3BCC}: NameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\mom\Pictures\domo.jpg
O24 - Desktop BackupWallPaper: C:\Users\mom\Pictures\domo.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/01 09:56:33 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dfsc - Driver
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/12 16:37:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2011/12/12 16:37:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2011/12/12 16:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2011/12/12 16:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/12 16:37:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0306010.00B
[2011/12/12 16:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/12/12 16:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/12 14:35:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2011/12/11 23:34:05 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\AVG2012
[2011/12/11 23:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/12/11 23:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/12/11 23:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/12/11 23:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/12/11 23:31:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/12/11 23:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/12/10 12:50:15 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Local\LogMeIn Hamachi
[2011/12/10 12:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/12/10 12:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/12/09 22:32:57 | 000,000,000 | ---D | C] -- C:\Users\mom\Documents\OneNote Notebooks
[2011/12/08 22:04:40 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\PFStaticIP
[2011/12/08 21:55:14 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
[2011/12/08 21:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\PFStaticIP
[2011/12/08 20:45:18 | 000,000,000 | ---D | C] -- C:\Users\mom\Desktop\mom
[2011/12/06 12:47:46 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dream Chronicles - The Book of Water
[2011/12/06 12:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles - The Book of Water
[2011/12/06 12:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles - The Book of Water
[2011/12/06 12:43:37 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - The Painted Tower
[2011/12/06 12:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - The Painted Tower
[2011/12/06 12:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Drawn - The Painted Tower
[2011/12/06 12:40:37 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight
[2011/12/06 12:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight
[2011/12/06 12:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Drawn - Dark Flight
[2011/12/06 12:10:55 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Trail of Shadows
[2011/12/06 12:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - Trail of Shadows
[2011/12/06 12:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Drawn - Trail of Shadows
[2011/12/06 12:06:29 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Local\Oberon Media
[2011/12/06 12:06:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\A Series of Unfortunate Events
[2011/11/25 00:19:55 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Time Mysteries - The Ancient Spectres Collectors Edition
[2011/11/25 00:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Mysteries - The Ancient Spectres Collectors Edition
[2011/11/25 00:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\Time Mysteries - The Ancient Spectres Collectors Edition
[2011/11/25 00:15:39 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Escape from Ravenhearst Collector's Edition
[2011/11/25 00:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Escape from Ravenhearst Collector's Edition
[2011/11/25 00:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery Case Files - Escape from Ravenhearst Collector's Edition
[2011/11/23 21:05:21 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crazy Machines - New from the Lab
[2011/11/23 21:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crazy Machines - New from the Lab
[2011/11/23 21:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Crazy Machines - New from the Lab
[2011/11/17 14:45:13 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\ERS Game Studios
[2011/11/17 14:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpongeBob SquarePants Obstacle Odyssey 2
[2011/11/17 14:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\SpongeBob SquarePants Obstacle Odyssey 2
[2011/11/17 14:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpongeBob SquarePants Obstacle Odyssey
[2011/11/17 14:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\SpongeBob SquarePants Obstacle Odyssey
[2011/11/17 14:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpongeBob Atlantis SquareOff
[2011/11/17 14:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpongeBob Atlantis SquareOff
[2011/11/17 14:22:29 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Madame Fate
[2011/11/17 14:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Madame Fate
[2011/11/17 14:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery Case Files - Madame Fate
[2011/11/17 14:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secrets of Great Art
[2011/11/17 14:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Secrets of Great Art
[2011/11/17 14:21:15 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azada
[2011/11/17 14:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azada
[2011/11/17 14:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Azada
[2011/11/16 00:06:22 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Harmonic Flow
[2011/11/16 00:05:09 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Patricias Quest for Sun
[2011/11/16 00:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Patricias Quest for Sun
[2011/11/16 00:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Patricias Quest for Sun
[2011/11/14 09:10:21 | 000,000,000 | ---D | C] -- C:\Users\mom\Documents\My Games
[2011/11/14 08:57:32 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Local\SCE
[2011/11/14 00:06:23 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/11/14 00:06:23 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/11/14 00:06:19 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/11/14 00:06:13 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/11/14 00:06:09 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/11/14 00:06:05 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/11/14 00:06:02 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/11/14 00:05:57 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/11/14 00:05:52 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/11/14 00:05:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/11/14 00:05:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/11/14 00:05:44 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/11/14 00:05:38 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/11/14 00:05:38 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/11/14 00:05:34 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011/11/14 00:05:25 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/11/14 00:05:12 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/11/14 00:05:08 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/11/14 00:05:04 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/11/14 00:05:00 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/11/14 00:04:53 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011/11/14 00:04:53 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011/11/14 00:04:48 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/11/14 00:04:42 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011/11/14 00:04:38 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011/11/14 00:04:34 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011/11/14 00:04:27 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/11/14 00:04:27 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/11/14 00:04:23 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/11/14 00:04:17 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011/11/14 00:04:17 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011/11/14 00:04:13 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011/11/14 00:04:10 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011/11/14 00:04:04 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/11/14 00:04:04 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/11/14 00:04:00 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/11/14 00:03:54 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/11/14 00:03:53 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/11/14 00:03:48 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/11/14 00:03:43 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/11/14 00:03:43 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/11/14 00:03:39 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/11/14 00:03:35 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/11/14 00:03:29 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/11/14 00:03:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/11/14 00:03:24 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/11/14 00:03:20 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/11/14 00:03:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/11/14 00:03:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/11/14 00:03:05 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/11/14 00:03:05 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/11/14 00:03:00 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/11/14 00:02:56 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/11/14 00:02:47 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/11/14 00:02:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/11/14 00:02:41 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/11/14 00:02:36 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/11/14 00:02:30 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/11/14 00:02:30 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/11/14 00:02:25 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/11/14 00:02:20 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/11/14 00:02:20 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/11/14 00:02:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/11/14 00:02:13 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/11/14 00:02:07 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/11/14 00:02:03 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/11/14 00:01:58 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/11/14 00:01:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/11/14 00:01:51 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/11/14 00:01:46 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/11/14 00:01:41 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/11/14 00:01:36 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/11/14 00:01:32 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/11/14 00:01:26 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/11/14 00:01:21 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/11/14 00:01:21 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/11/14 00:01:13 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/11/14 00:01:08 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/11/14 00:01:05 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/11/14 00:01:00 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/11/14 00:00:56 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/11/14 00:00:51 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/11/14 00:00:23 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/11/14 00:00:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/11/14 00:00:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/11/14 00:00:11 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/11/14 00:00:02 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/11/13 23:59:55 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/11/13 23:59:46 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/11/13 23:59:38 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/11/13 23:59:28 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll

========== Files - Modified Within 30 Days ==========



lhannah3665

Newbie Surfer

Posts : 5
Joined : 2011-12-13
Operating System : vista


Re: Trojans and Malware...logs attatched.part 1

Post by lhannah3665 on Tue 13 Dec 2011, 1:41 pm

aswMBR
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-12 20:53:26
-----------------------------
20:53:26.980 OS Version: Windows 6.0.6000
20:53:26.981 Number of processors: 4 586 0x202
20:53:26.983 ComputerName: FRED UserName: mom
20:53:28.795 Initialize success
20:56:13.659 AVAST engine defs: 11121201
20:57:07.726 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
20:57:07.731 Disk 0 Vendor: ST332082 3.CH Size: 305245MB BusType: 6
20:57:07.737 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000055
20:57:07.744 Disk 1 Vendor: ST332082 3.CH Size: 305245MB BusType: 6
20:57:09.778 Disk 0 MBR read successfully
20:57:09.786 Disk 0 MBR scan
20:57:09.798 Disk 0 unknown MBR code
20:57:09.812 Disk 0 scanning sectors +625136400
20:57:09.885 Disk 0 scanning C:\Windows\system32\drivers
20:57:11.675 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-AOV [Rtk]
20:57:21.090 Service scanning
20:57:22.601 Modules scanning
20:57:27.066 Module: C:\Windows\System32\Drivers\dfsc.sys **SUSPICIOUS**
20:57:29.390 Disk 0 trace - called modules:
20:57:29.427 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87e25f10]<<
20:57:29.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f6b380]
20:57:29.450 3 ntkrnlpa.exe[81cb0d35] -> nt!IofCallDriver -> [0x87d8a030]
20:57:29.460 \Driver\00001423[0x87da2978] -> IRP_MJ_CREATE -> 0x87e25f10
20:57:30.689 AVAST engine scan C:\Windows
20:57:35.561 AVAST engine scan C:\Windows\system32
21:00:20.049 AVAST engine scan C:\Windows\system32\drivers
21:00:22.734 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-AOV [Rtk]
21:00:49.275 AVAST engine scan C:\Users\mom
21:04:11.464 Disk 0 MBR has been saved successfully to "C:\Users\mom\Desktop\MBR.dat"
21:04:11.482 The log file has been saved successfully to "C:\Users\mom\Desktop\aswMBR.txt"
21:20:57.621 AVAST engine scan C:\ProgramData
21:27:49.861 Scan finished successfully
21:38:49.247 Disk 0 MBR has been saved successfully to "C:\Users\mom\Desktop\MBR.dat"
21:38:49.263 The log file has been saved successfully to "C:\Users\mom\Desktop\aswMBR.txt"

lhannah3665

Newbie Surfer

Posts : 5
Joined : 2011-12-13
Operating System : vista


Re: Trojans and Malware...logs attatched.part 1

Post by Belahzur on Thu 15 Dec 2011, 9:16 am

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Trojans and Malware...logs attatched.part 1

Post by lhannah3665 on Sat 17 Dec 2011, 5:18 am

combofix

ComboFix 11-12-16.01 - mom 12/16/2011 12:48:07.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3070.1859 [GMT -5:00]
Running from: c:\users\mom\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 17:58 . 2011-12-16 17:59 -------- d-----w- c:\users\mom\AppData\Local\temp
2011-12-16 17:58 . 2011-12-16 17:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-16 17:58 . 2011-12-16 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-16 01:01 . 2011-12-16 01:01 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-15 20:50 . 2011-12-15 22:14 -------- d-----w- c:\users\mom\AppData\Local\Temp(98)
2011-12-15 20:21 . 2011-12-15 22:13 -------- dc----w- C:\commy
2011-12-12 21:37 . 2011-12-12 21:37 -------- d-----w- c:\programdata\Norton
2011-12-12 21:37 . 2011-12-12 21:37 -------- d-----w- c:\program files\Norton Security Scan
2011-12-12 21:37 . 2011-12-12 21:37 -------- d-----w- c:\program files\NortonInstaller
2011-12-12 04:32 . 2011-12-12 04:32 -------- d-----w- c:\program files\Common Files\AVG Secure Search(12)
2011-12-12 04:32 . 2011-12-12 04:32 -------- d-----w- c:\program files\AVG Secure Search(6)
2011-12-12 04:31 . 2011-12-15 22:28 -------- d-----w- c:\programdata\AVG2012
2011-12-12 04:29 . 2011-12-12 04:29 -------- d-----w- c:\program files\AVG
2011-12-10 17:50 . 2011-12-15 20:57 -------- d-----w- c:\users\mom\AppData\Local\LogMeIn Hamachi
2011-12-10 17:49 . 2011-12-10 17:49 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-12-09 03:04 . 2011-12-09 03:24 -------- d-----w- c:\users\mom\AppData\Roaming\PFStaticIP
2011-12-09 02:55 . 2011-12-09 02:55 -------- d-----w- c:\program files\PFStaticIP
2011-12-06 17:47 . 2011-12-06 17:48 -------- d-----w- c:\program files\Dream Chronicles - The Book of Water
2011-12-06 17:43 . 2011-12-06 17:44 -------- d-----w- c:\program files\Drawn - The Painted Tower
2011-12-06 17:40 . 2011-12-06 17:42 -------- d-----w- c:\program files\Drawn - Dark Flight
2011-12-06 17:10 . 2011-12-06 17:12 -------- d-----w- c:\program files\Drawn - Trail of Shadows
2011-12-06 17:06 . 2011-12-15 22:28 -------- d-----w- c:\users\mom\AppData\Local\Oberon Media
2011-11-25 05:19 . 2011-11-25 05:21 -------- d-----w- c:\program files\Time Mysteries - The Ancient Spectres Collectors Edition
2011-11-25 05:15 . 2011-12-15 22:28 -------- d-----w- c:\program files\Mystery Case Files - Escape from Ravenhearst Collector's Edition
2011-11-24 02:05 . 2011-12-15 22:28 -------- d-----w- c:\program files\Crazy Machines - New from the Lab
2011-11-17 19:45 . 2011-11-17 19:45 -------- d-----w- c:\users\mom\AppData\Roaming\ERS Game Studios
2011-11-17 19:23 . 2011-11-17 19:23 -------- d-----w- c:\program files\SpongeBob SquarePants Obstacle Odyssey 2
2011-11-17 19:23 . 2011-11-17 19:23 -------- d-----w- c:\program files\SpongeBob SquarePants Obstacle Odyssey
2011-11-17 19:22 . 2011-11-17 19:22 -------- d-----w- c:\program files\SpongeBob Atlantis SquareOff
2011-11-17 19:22 . 2011-11-17 19:22 -------- d-----w- c:\program files\Mystery Case Files - Madame Fate
2011-11-17 19:21 . 2011-12-15 22:28 -------- d-----w- c:\program files\Secrets of Great Art
2011-11-17 19:21 . 2011-11-17 19:21 -------- d-----w- c:\program files\Azada
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 05:06 . 2011-08-17 23:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 09:07 . 2011-11-07 11:59 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-07 09:07 . 2011-11-07 09:07 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-03 17:06 . 2011-11-07 09:04 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-21 22:16 . 2011-08-18 01:32 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-21 22:16 . 2011-08-18 01:32 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-10-14 02:19 . 2011-10-14 02:19 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-07 03:48 . 2011-11-04 13:44 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7742C2AD-035E-46C8-9312-69FE7F54D862}\mpengine.dll
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-11-08 22:46 . 2011-08-17 23:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-07 07:22 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 01:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-07 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-07 218464]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-14 608584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-11-03 15232]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-14 232512]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-07 246624]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-23 1068216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\DRIVERS\xcbda.sys [2007-09-07 156928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 23:57]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-17 23:57]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3743335685-4218631142-3694528171-1000Core.job
- c:\users\mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 00:15]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3743335685-4218631142-3694528171-1000UA.job
- c:\users\mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 00:15]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\6cdwg97z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
AddRemove-Crossrider - c:\program files\CrossriderWebApps\uninstall.exe
AddRemove-FoxTab PDF Converter - c:\program files\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-12-16 12:58
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-16 13:01:08
ComboFix-quarantined-files.txt 2011-12-16 18:01
.
Pre-Run: 114,547,134,464 bytes free
Post-Run: 114,706,178,048 bytes free
.
- - End Of File - - CD76DE4EA378D8C35150FA8C582E3049

lhannah3665

Newbie Surfer

Posts : 5
Joined : 2011-12-13
Operating System : vista

Re: Trojans and Malware...logs attached.part 1

Post by Belahzur on Sun 18 Dec 2011, 9:51 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
