Trojan SPM/LX or similar infection
02-27-2011, 05:07 PM
I was browsing the Web, I think I was on eBay when I noticed Firefox (3.6.13) asking on top of the eBay tab that "the website requires installing additional add-ins" (which I didn't touch), and my Comodo Firewall saying at the same time that a very obscure filename .exe (which I hadn't launched) is trying to connect to Internets. Denied that, this time C:\ProgramData\bDpCcJi06308\bDpCcJi06308.exe wanted to connect. Denied that, but somehow it had installed itself anyway. AVG real-time protection had disappeared somewhere also I think.
Anyway, now it started killing my processes and demanding I pay for his fake Anti-Virus, business as usual.
Reboot into safe mode, for some reason MBAM wouldn't update database, it is ~60 days old and doesn't find anything.
Posting logs now.
I will remove the bDpCcJi06308.exe from RunOnce using HJT and will remove from file system but not sure what else I need to eradicate to get rid of it. BTW timestamp of that file is consistent with the time when I was browsing eBay.
My main concern is whether I really will get rid of this, as it is my poker system.
My secondary concern is if I should change all my passwords immediately using safe mode (or my laptop which I don't trust), or wait until I reinstall.
My tertiary concern is - how did this thing happen? Does eBay really allow CSS/ads which exploit Firefox defects which let these things install? Doesn't seem likely but I cannot think of anything else right now.
Last edited by Jurrr; 02-27-2011 at 05:14 PM.
02-27-2011, 05:08 PM
HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:51:09 PM, on 2011-02-27
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
E:\temp\deleteme\HijackThis.exe
C:\Program Files (x86)\AVG9\avgcsrvx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:8080/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\dev\Java\jre1.6\bin\jp2ssv.dll
O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Cobian Backup 9] "C:\Program Files (x86)\Cobian Backup 9\Cobian.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jurrr\AppData\Local\Google\Update\Google Update.exe" /c
O4 - HKCU\..\Run: [PTOneClick] C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe /AutoRunning="2"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [bDpCcJi06308] C:\ProgramData\bDpCcJi06308\bDpCcJi06308.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: UltimateBet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Jurrr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Jurrr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8642832E-B2AC-4F4A-8898-922035ABA14D}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10350 bytes
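Added example, not part of the thread and not a HijackThis feature: a small Python triage script that parses O4 autostart lines in the HijackThis format shown above and scores each entry against heuristics that match the rogue-AV pattern visible in this log (an executable dropped into a user-writable folder, folder and file sharing a random-looking name, a RunOnce value under HKCU). The sample lines are constructed from the log in this post; the heuristics, weights and the threshold of 2 are my own choices, not anything HijackThis or Malwarebytes computes.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample of HijackThis O4 (autostart) lines, modelled on the log
# posted in this thread. The O23 line is included only to show it is skipped.
SAMPLE_HJT_LINES = [
    r'O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey',
    r'O4 - HKCU\..\Run: [Google Update] "C:\Users\Jurrr\AppData\Local\Google\Update\Google Update.exe" /c',
    r'O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized',
    r'O4 - HKCU\..\RunOnce: [bDpCcJi06308] C:\ProgramData\bDpCcJi06308\bDpCcJi06308.exe',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')",
    r'O4 - Global Startup: Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe',
    r'O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe',
]

# Registry autostart: "O4 - HKCU\..\RunOnce: [name] command"
REG_RE = re.compile(r'^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Startup folder: "O4 - Global Startup: name.lnk = target"
STARTUP_RE = re.compile(r'^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')
# First token of the command line: a quoted path, or an unquoted path ending
# in a common executable/shortcut extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|scr|com|bat|cmd|dll|lnk))(?=\s|$)', re.I)
# Mixed-case letters plus digits, no separators, 8+ chars: "bDpCcJi06308"-style names.
RANDOM_NAME_RE = re.compile(r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{8,}$')
# Locations a standard user can write to without elevation.
USER_WRITABLE = ('c:\\programdata\\', '\\appdata\\', '\\temp\\', '%temp%', '%appdata%', '%programdata%')


@dataclass
class Finding:
    location: str                      # e.g. HKCU\RunOnce or Global Startup
    name: str                          # value name or shortcut name
    path: str                          # executable the entry launches
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def extract_path(cmd: str) -> str:
    """Return the launched file from a command line, dropping arguments."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group(1) or m.group(2)


def assess(location: str, name: str, path: str) -> Finding:
    """Apply the heuristics to one autostart entry; each hit adds one reason."""
    f = Finding(location, name, path)
    low = path.lower()
    parts = path.replace('/', '\\').split('\\')
    stem = re.sub(r'\.[^.]+$', '', parts[-1])       # file name without extension
    parent = parts[-2] if len(parts) >= 2 else ''
    if any(marker in low for marker in USER_WRITABLE):
        f.reasons.append('launches from a user-writable location (no admin rights needed to drop it)')
    if parent and parent.lower() == stem.lower():
        f.reasons.append('folder and executable share the same name (common dropper layout)')
    if RANDOM_NAME_RE.match(stem):
        f.reasons.append('random-looking mixed-case alphanumeric name')
    if location.endswith('RunOnce') and not location.startswith('HKLM'):
        f.reasons.append('RunOnce under a user hive: the value deletes itself after running, so it may be gone from the next log')
    return f


def triage(lines: List[str]) -> List[Finding]:
    """Parse HijackThis O4 lines and return findings, highest score first."""
    findings = []
    for line in lines:
        m = REG_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue                                # not an O4 entry
        d = m.groupdict()
        location = d['hive'] + ('\\' + d['key'] if 'key' in d else '')
        findings.append(assess(location, d['name'], extract_path(d['cmd'])))
    return sorted(findings, key=lambda f: f.score, reverse=True)


def suspicious(lines: List[str], min_score: int = 2) -> List[Finding]:
    """Entries that hit at least min_score heuristics; one hit alone is just 'worth a look'."""
    return [f for f in triage(lines) if f.score >= min_score]


if __name__ == '__main__':
    for f in triage(SAMPLE_HJT_LINES):
        print(f'[{f.score}] {f.location:<18} {f.name:<16} {f.path}')
        for r in f.reasons:
            print(f'      - {r}')
```

On the sample above only the bDpCcJi06308 entry clears the threshold (it hits all four heuristics); Google Update (AppData) and Launchy (folder named like its executable) each hit one, which is exactly why a single heuristic is not treated as a verdict. The script only reads a log; removing the entry and the dropped file is still a manual step, and because the value is RunOnce, a log taken after another normal boot may no longer show it.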
02-27-2011, 05:10 PM
MBAM (very helpful indeed):
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
2011-02-27 8:55:52 PM
mbam-log-2011-02-27 (20-55-52).txt
Scan type: Full scan (C:\|)
Objects scanned: 368664
Time elapsed: 5 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
02-27-2011, 05:11 PM
DDS #1:
DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Jurrr at 20:44:53.15 on 2011-02-27
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6134.4336 [GMT 0:00]
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: COMODO Defense+ *Disabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
E:\temp\deleteme\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://localhost:8080/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\dev\Java\jre1.6\bin\jp2ssv.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
uRun: [Cobian Backup 9] "C:\Program Files (x86)\Cobian Backup 9\Cobian.exe"
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Jurrr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PTOneClick] C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe /AutoRunning="2"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRunOnce: [bDpCcJi06308] C:\ProgramData\bDpCcJi06308\bDpCcJi06308.exe
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
StartupFolder: C:\Users\Jurrr\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
TCP: {8642832E-B2AC-4F4A-8898-922035ABA14D} = 156.154.70.22,156.154.71.22
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\dev\Java\jre1.6_x64\bin\jp2ssv.dll
mRun-x64: [SunJavaUpdateSched] "C:\dev\Java\jre1.6_x64\bin\jusched.exe"
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
mRun-x64: [{1606DC18-9578-4cbd-8312-8E9868F06A1D}] E:\temp\deleteme\cfw_installer_x64.exe -lang 1033
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Jurrr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk
AppInit_DLLs-X64: C:\Windows\system32\guard64.dll,avgrssta.dll
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: C:\dev\Java\jre1.6\bin\new_plugin\npdeploytk.dll
FF - plugin: C:\dev\Java\jre1.6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Users\Jurrr\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Jurrr\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: C:\Users\Jurrr\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: FxIF: {11483926-db67-4190-91b1-ef20fcec5f33} - %profile%\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: The Camelizer: izer@camelcamelcamel.com - %profile%\extensions\izer@camelcamelcamel.com
FF - Ext: HTTPS-Everywhere: https-everywhere@eff.org - %profile%\extensions\https-everywhere@eff.org
FF - Ext: FIFA Online Web Launcher: eafo3fflauncher@ea.com - %profile%\extensions\eafo3fflauncher@ea.com
============= SERVICES / DRIVERS ===============
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2009-11-1 33128]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-19 314400]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-2-17 269904]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-2-17 35536]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2009-11-1 119624]
S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2009-11-19 20992]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-26
203264]
S2 avg9wd;AVG Free WatchDog;C:\Program Files
(x86)\AVG9\avgwdsvc.exe [2010-7-17 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET
Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET
\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET
Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET
\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program
Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-19
136176]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files
(x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N
"postgresql-8.4" -D "C:/Program Files
(x86)/PostgreSQL/8.4/data" -w --> C:/Program Files
(x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N
postgresql-8.4 [?]
S2 TeamViewer6;TeamViewer 6;C:\Program Files
(x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-
12-7 2228008]
S2 VMUSBArbService;VMware USB Arbitration Service;C:
\Program Files (x86)\Common Files\VMware\USB\vmware-
usbarbitrator.exe [2009-10-22 563760]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers
\atikmdag.sys [2010-8-26 7767040]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers
\atikmpag.sys [2010-8-26 279040]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers
\lv302a64.sys [2008-7-26 15768]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows
\System32\drivers\lvrs64.sys [2008-7-26 790424]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows
\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock
\pbfilter.sys [2010-5-8 24176]
S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers
\pnetmdm64.sys [2010-4-15 17920]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial
Communication;C:\Windows\System32\drivers\qcusbser .sys
[2010-4-21 118016]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows
\System32\drivers\teamviewervpn.sys [2009-11-9 35112]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows
\System32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows
\System32\drivers\virtualnet.sys [2009-11-19 12800]
S3 WatAdminSvc;Windows Activation Technologies
Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-2
1255736]
=============== Created Last 30 ================
2011-02-27 20:26:53 -------- d-----w-
C:\PROGRA~3\bDpCcJi06308
2011-02-23 03:00:20 367104 ----a-w- C:
\Windows\System32\wcncsvc.dll
2011-02-23 03:00:20 276992 ----a-w- C:
\Windows\SysWow64\wcncsvc.dll
2011-02-22 23:37:34 662528 ----a-w- C:
\Windows\System32\XpsPrint.dll
2011-02-22 23:37:34 475648 ----a-w- C:
\Windows\System32\XpsGdiConverter.dll
2011-02-22 23:37:34 442880 ----a-w- C:
\Windows\SysWow64\XpsPrint.dll
2011-02-22 23:37:34 288256 ----a-w- C:
\Windows\SysWow64\XpsGdiConverter.dll
2011-02-08 22:17:44 714752 ----a-w- C:
\Windows\System32\kerberos.dll
==================== Find3M ====================
2011-02-04 13:16:00 72080 ----a-w- C:\Users
\Jurrr\g2mdlhlpx.exe
2011-01-26 06:53:10 982912 ----a-w- C:
\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:
\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:
\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:
\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:
\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:
\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:
\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:
\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:
\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:
\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:
\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:
\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:
\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:
\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:
\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:
\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:
\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:
\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:
\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:
\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:
\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:
\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:
\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:
\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:
\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:
\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:
\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:
\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:
\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:
\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:
\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:
\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:
\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:
\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:
\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:
\Windows\System32\mshtml****b
2010-12-18 03:47:59 1638912 ----a-w- C:
\Windows\SysWow64\mshtml****b
============= FINISH: 20:45:02.27 ===============
02-27-2011, 05:12 PM
DDS #2:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-10-23 1:32:38 PM
System Uptime: 2011-02-27 8:40:40 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | P6T
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2672/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 1.293 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 15.344 GiB free.
G: is Removable
H: is Removable
==== Disabled Device Manager Items =============
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Shrew Soft Lightweight Filter
Device ID: ROOT\LEGACY_VFLT\0000
Manufacturer:
Name: Shrew Soft Lightweight Filter
PNP Device ID: ROOT\LEGACY_VFLT\0000
Service: vflt
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
µTorrent
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
AutoHotkey 1.0.48.05
AVG Free 9.0
Betfair Poker
Betsafe Poker
Betsson Poker
Camtasia Studio 6
Cobian Backup 9
erLT
FreePHG V3.03
Full Tilt Poker
GIMP 2.6.8
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToMeeting 4.5.0.457
Heypoker
Holdem Manager
IrfanView (remove only)
Java(TM) 6 Update 16
Java(TM) SE Development Kit 6 Update 16
Ladbrokes Poker
Launchy 2.1.2
Logitech SetPoint
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
OpenOffice.org 3.1
PartyPoker
PdaNet Desktop (64 bit) for iPhone 1.54
PDFCreator
PokerStars
PokerStove version 1.23
PokerTracker 3 (remove only)
PostgreSQL 8.4
PunkBuster Services
Python 2.6.3
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.1
Sumatra PDF reader
TeamViewer 6
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
UltimateBet
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.1.0
VMware Workstation
WebEx
WebEx Productivity Tools
WinSCP plugin for FAR 1.6.2
==== Event Viewer Messages From Past Week ========
2011-02-27 8:56:35 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2011-02-27 8:43:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
2011-02-27 8:43:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2011-02-27 8:42:40 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2011-02-27 8:42:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2011-02-27 8:42:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2011-02-27 8:42:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2011-02-27 8:42:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2011-02-27 8:42:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2011-02-27 8:41:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx64 AvgMfx64 cmdGuard discache spldr vflt vpcvmm Wanarpv6
2011-02-25 10:30:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vflt
2011-02-25 10:30:16 AM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on \\?\Volume{3c544ee5-c012-11de-8ea0-806e6f6e6963} cannot be read.
2011-02-21 5:22:26 PM, Error: volsnap [35] - The shadow copies of volume E: were aborted because the shadow copy storage failed to grow.
==== End Of File ===========================
02-27-2011, 06:07 PM
AVG 9.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2010 AVG Technologies
Program version 9.0.870, engine 9.0.871
Virus Database: Version 271.1.1/3471 2011-02-27
C:\Documents and Settings\ Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
.... skip hundreds of messages like this about locked files
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
------------------------------------------------------------
Objects scanned : 635492
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------
02-27-2011, 06:16 PM
Didn't check the hashes but the file sizes of 317952 and 98 bytes match what I have perfectly:
http://www.threatexpert.com/report.a...40643b632f7fc1
02-27-2011, 06:20 PM
Or it could be this, which would be worse:
http://www.threatexpert.com/report.a...453fddd0f39275
02-27-2011, 06:20 PM
However, my hashes don't match them:
C:\dev\cygwin\bin>md5sum.exe bDpCcJi06308.really_bad_exe
e8c71cefa0f3ea742d63bbccd9d525c4 *bDpCcJi06308.really_bad_exe
C:\dev\cygwin\bin>sha1sum.exe bDpCcJi06308.really_bad_exe
acb0b639900dac6e3fa5f8dc8d30af71c8e4b412 *bDpCcJi06308.really_bad_exe
C:\dev\cygwin\bin>md5sum.exe bDpCcJi06308
56de8392667acbaf872e3b25e4dbe538 *bDpCcJi06308
C:\dev\cygwin\bin>sha1sum.exe bDpCcJi06308
6974cd43de6648074226fbf154e1cc316d676e1a *bDpCcJi06308
02-27-2011, 06:25 PM
SAS also didn't manage to update DB (strange, as MBAB also hung up while downloading updates and didn't seem to go anywhere), and found nothing except for 650 tracking cookies.
02-27-2011, 06:31 PM
And neither the DrWeb nor the Kaspersky "online" scanner finds anything wrong in that .exe file.
02-27-2011, 06:40 PM
Reboot into normal mode. Running tasks don't show anything suspicious (it had bDpCcJi06308.exe running when I had the infection).
MBAB and SAS updated successfully now, running full scans on both. Will post another HJT log.
02-27-2011, 06:43 PM
HJT complained about not being able to write to "hosts" file but I reviewed it and it is clean.
HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:06 PM, on 2011-02-27
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Cobian Backup 9\Cobian.exe
C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe
C:\Program Files (x86)\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\temp\deleteme\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Far\Far.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:8080/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\dev\Java\jre1.6\bin\jp2ssv.dll
O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
O4 - HKCU\..\Run: [Cobian Backup 9] "C:\Program Files (x86)\Cobian Backup 9\Cobian.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jurrr\AppData\Local\Google\Update\Google Update.exe" /c
O4 - HKCU\..\Run: [PTOneClick] C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe /AutoRunning="2"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8642832E-B2AC-4F4A-8898-922035ABA14D}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9053 bytes
02-27-2011, 06:48 PM
Pretty sure the add-in popup and then the popups saying it wants to connect to the Internet occurred as I visited the following eBay page in Firefox:
http://shop.ebay.co.uk/?_from=R40&_t...All-Categories
(not saying you should go there, but it is the last site in search history before I start googling for anti-malware topics)
I'm gonna go sleep now; looking forward to your advice on two topics:
a. Next steps? Ranging from "forget it and move on" to "clean reinstall everything" to "clean reinstall and never use Firefox and/or eBay again".
b. Thoughts on how I got infected? 100% sure I haven't executed any strange .exe-s; and I'm the only one with access to my system.
02-28-2011, 03:20 AM
run otl and post logs
http://oldtimer.geekstogo.com/OTL.exe
download this and save to desktop
http://download.bleepingcomputer.com...l/MBRCheck.exe
run program
it will create log mbrcheckxxxxx.txt
post log here
02-28-2011, 04:46 AM
Updated MBAB found something of interest. It detected a Trojan.FakeAlert in the bDpCcJi06308.exe, but it also found a file with the same length and only a 4 byte difference in the Java cache.
I think the PUP.Dealio and the rest are nothing to worry about. The stuff on E: doesn't get launched while booted into the system which currently is on C: and hasn't been launched in months.
The corresponding index file links to:
http://nalREMOVEmeron.cz.cc/out.php?...MCAQQHDQ==&p=1
I added the letters "REMOVE" in the middle so that no one would accidentally go there.
A quick google search on nalmeron.cz.cc shows that it is associated with malware infections through ads. Gonna add to hosts pointing to localhost just in case. And I disabled Java applets in Firefox.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5898
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2011-02-28 8:41:11 AM
mbam-log-2011-02-28 (08-41-11).txt
Scan type: Full scan (C:\|E:\|)
Objects scanned: 710720
Time elapsed: 1 hour(s), 47 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\bdpccji06308_really_bad_virus\bdpccji06308.really_bad_exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Jurrr\AppData\LocalLow\Sun\Java\deployment\cache\6.0\25\582900d9-58bfec26 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\program files (x86)\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
e:\resources\installations\Office\vmware workstation 7\vmware_workstation_full_7_keygen_unsafe_rename_to_exe.exe_ (Trojan.Agent.CK) -> Quarantined and deleted successfully.
e:\resources\installations\Utils\HTML\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
I think the PUP.Dealio and the rest are nothing to worry about. The stuff on E: doesn't get launched while booted into the system which currently is on C: and hasn't been launched in months.
Last edited by Jurrr; 02-28-2011 at 05:09 AM.
02-28-2011, 05:04 AM
OTL logfile created on: 2011-02-28 8:55:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Jurrr\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 3.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 1.02 Gb Free Space | 1.37% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 16.80 Gb Free Space | 1.80% Space Free | Partition Type: NTFS
Computer Name: DESKTOP | User Name: Jurrr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011-02-28 08:55:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jurrr\Desktop\OTL.exe
PRC - [2011-02-07 09:37:49 | 000,094,008 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\WebEx\Productivity Tools\ptsrv.exe
PRC - [2011-02-07 09:37:48 | 000,347,448 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe
PRC - [2010-12-12 07:29:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-12-07 10:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010-07-17 07:58:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG9\avgwdsvc.exe
PRC - [2010-06-22 08:06:17 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-04-08 15:03:10 | 000,214,480 | ---- | M] () -- C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe
PRC - [2009-10-22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009-10-22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009-10-22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009-10-22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009-09-08 07:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009-09-08 07:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009-07-20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009-06-04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009-06-04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009-01-22 11:38:32 | 002,749,952 | ---- | M] (Luis Cobian) -- C:\Program Files (x86)\Cobian Backup 9\cbInterface.exe
PRC - [2009-01-22 11:38:26 | 000,579,584 | ---- | M] (Luis Cobian) -- C:\Program Files (x86)\Cobian Backup 9\Cobian.exe
PRC - [2008-08-05 19:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
========== Modules (SafeList) ==========
MOD - [2011-02-28 08:55:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jurrr\Desktop\OTL.exe
MOD - [2010-08-21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010-08-26 01:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010-06-29 17:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010-03-24 16:36:49 | 001,083,144 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2009-07-20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009-07-14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010-12-07 10:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-07-17 07:58:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010-06-22 08:06:17 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-10-22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009-10-22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009-10-22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009-10-22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009-10-12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009-09-08 07:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-06-04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010-11-06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010-08-26 03:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010-08-26 03:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-08-26 01:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-07-17 07:58:03 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010-06-03 07:39:05 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010-02-17 18:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010-02-17 18:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009-12-19 09:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-11-19 00:06:22 | 000,020,992 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009-11-19 00:06:20 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009-11-09 17:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009-10-22 05:01:10 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009-10-22 05:01:04 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009-10-22 05:00:58 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009-10-22 05:00:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009-10-22 03:47:50 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009-10-22 00:13:34 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2009-10-22 00:13:28 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009-10-22 00:13:28 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009-10-16 01:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009-09-23 01:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009-09-23 01:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009-09-23 01:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009-09-23 01:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009-08-27 12:18:30 | 000,118,016 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2009-07-14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009-06-17 16:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009-06-17 16:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009-06-17 16:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009-06-17 16:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009-06-10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\IaStor.sys -- (iaStor)
DRV:64bit: - [2009-05-18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008-07-26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008-07-26 14:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008-07-26 14:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008-07-26 14:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2007-03-07 13:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV:64bit: - [2005-03-29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-10-12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://localhost:8080/
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/iat/us_gb.aspx
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 5D 53 0E DF 53 CA 01 [binary data]
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.2
FF - prefs.js..extensions.enabledItems: izer@camelcamelcamel.com:1.4
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.2
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-12-12 07:29:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-12-23 09:42:38 | 000,000,000 | ---D | M]
[2009-10-23 12:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Extensions
[2011-02-26 10:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions
[2010-10-20 07:53:20 | 000,000,000 | ---D | M] ("FxIF") -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2009-12-14 12:09:14 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010-10-09 08:13:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010-06-22 08:04:46 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\eafo3fflauncher@ea.com
[2010-10-09 08:13:31 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\foxmarks@kei.com
[2010-12-12 20:51:40 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\https-everywhere@eff.org
[2010-08-17 19:06:12 | 000,000,000 | ---D | M] (The Camelizer) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\izer@camelcamelcamel.com
[2010-06-25 20:40:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\piclens@cooliris.com
[2010-08-17 19:06:12 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010-09-13 12:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-12-22 15:46:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-10-22 02:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
O1 HOSTS File: ([2011-02-28 08:48:29 | 000,000,872 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 nalmeron.cz.cc
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\dev\Java\jre1.6_x64\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\dev\Java\jre1.6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] C:\dev\Java\jre1.6_x64\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000..\Run: [Cobian Backup 9] C:\Program Files (x86)\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000..\Run: [PTOneClick] C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1001..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Jurrr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8d38adeb-4d31-11df-b249-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{8d38adeb-4d31-11df-b249-005056c00008}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011-02-28 08:55:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Jurrr\Desktop\OTL.exe
[2011-02-27 21:55:24 | 000,000,000 | ---D | C] -- C:\Users\Jurrr\AppData\Roaming\SUPERAntiSpyware.com
[2011-02-27 21:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011-02-27 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011-02-27 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011-02-27 21:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011-02-27 20:46:27 | 000,000,000 | ---D | C] -- C:\Users\Jurrr\AppData\Roaming\Malwarebytes
[2011-02-27 20:46:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-02-27 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-02-27 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-02-27 20:46:22 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-02-27 20:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-02-27 20:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\bDpCcJi06308_really_bad_virus
[2011-02-22 23:37:34 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011-02-22 23:37:34 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011-02-22 23:37:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011-02-22 23:37:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011-02-19 15:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011-02-19 15:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011-02-17 20:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011-02-08 22:18:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011-02-08 22:18:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011-02-08 22:18:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011-02-08 22:18:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011-02-08 22:18:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011-02-08 22:18:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011-02-08 22:18:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011-02-08 22:18:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011-02-08 22:18:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011-02-08 22:18:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011-02-08 22:18:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011-02-08 22:18:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011-02-08 22:17:41 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011-02-08 22:17:41 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011-02-08 22:17:41 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011-02-08 22:17:41 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011-02-08 22:17:40 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011-02-08 22:17:40 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011-02-08 22:17:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011-02-08 22:17:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011-02-08 22:17:39 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011-02-08 22:17:38 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011-02-08 22:17:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011-02-08 22:17:37 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011-02-08 22:17:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011-02-08 22:17:37 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011-02-08 22:17:36 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011-02-08 22:17:36 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011-02-08 22:17:36 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011-02-08 22:17:36 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011-02-08 22:17:36 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011-02-08 22:17:36 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011-02-08 22:17:35 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011-02-08 22:17:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011-02-28 08:55:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jurrr\Desktop\OTL.exe
[2011-02-28 08:53:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-02-28 08:52:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-28 08:32:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-28 08:28:15 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3363610435-3949054776-2021308246-1000UA.job
[2011-02-27 22:40:51 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-27 22:40:51 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-27 22:40:10 | 000,731,488 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-02-27 22:40:10 | 000,628,216 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-02-27 22:40:10 | 000,108,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-02-27 21:55:23 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-02-27 20:46:25 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-02-27 18:06:03 | 071,823,095 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011-02-27 09:28:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3363610435-3949054776-2021308246-1000Core.job
[2011-02-25 21:09:37 | 000,007,664 | ---- | M] () -- C:\Users\Jurrr\AppData\Local\resmon.resmoncfg
[2011-02-12 02:30:09 | 000,002,400 | ---- | M] () -- C:\Users\Jurrr\Desktop\Google Chrome.lnk
[2011-02-09 03:19:47 | 000,351,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-02-04 13:16:00 | 000,072,080 | ---- | M] () -- C:\Users\Jurrr\g2mdlhlpx.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011-02-27 21:55:23 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-02-27 20:46:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-02-19 15:27:06 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-19 15:27:06 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-22 08:06:33 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-06-22 08:06:17 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010-06-22 08:06:17 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010-06-15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010-02-17 11:59:03 | 000,037,895 | ---- | C] () -- C:\Users\Jurrr\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010-02-17 11:52:41 | 000,037,889 | ---- | C] () -- C:\Users\Jurrr\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010-02-07 19:49:55 | 000,004,930 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009-12-09 12:17:26 | 000,007,680 | ---- | C] () -- C:\Users\Jurrr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-03 20:48:55 | 000,733,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009-10-29 07:49:46 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009-10-23 23:24:51 | 000,000,600 | ---- | C] () -- C:\Users\Jurrr\AppData\Roaming\winscp.rnd
[2009-10-23 20:52:10 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
[2009-10-23 20:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-10-23 13:34:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-10-23 13:16:35 | 000,007,664 | ---- | C] () -- C:\Users\Jurrr\AppData\Local\resmon.resmoncfg
[2009-07-14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
< End of report >
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Jurrr\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 3.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 1.02 Gb Free Space | 1.37% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 16.80 Gb Free Space | 1.80% Space Free | Partition Type: NTFS
Computer Name: DESKTOP | User Name: Jurrr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011-02-28 08:55:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jurrr\Desktop\OTL.exe
PRC - [2011-02-07 09:37:49 | 000,094,008 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\WebEx\Productivity Tools\ptsrv.exe
PRC - [2011-02-07 09:37:48 | 000,347,448 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe
PRC - [2010-12-12 07:29:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-12-07 10:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010-07-17 07:58:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG9\avgwdsvc.exe
PRC - [2010-06-22 08:06:17 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010-04-08 15:03:10 | 000,214,480 | ---- | M] () -- C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe
PRC - [2009-10-22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009-10-22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009-10-22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009-10-22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009-09-08 07:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009-09-08 07:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009-07-20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009-06-04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009-06-04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009-01-22 11:38:32 | 002,749,952 | ---- | M] (Luis Cobian) -- C:\Program Files (x86)\Cobian Backup 9\cbInterface.exe
PRC - [2009-01-22 11:38:26 | 000,579,584 | ---- | M] (Luis Cobian) -- C:\Program Files (x86)\Cobian Backup 9\Cobian.exe
PRC - [2008-08-05 19:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
========== Modules (SafeList) ==========
MOD - [2011-02-28 08:55:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jurrr\Desktop\OTL.exe
MOD - [2010-08-21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010-08-26 01:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010-06-29 17:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010-03-24 16:36:49 | 001,083,144 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2009-07-20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009-07-14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010-12-07 10:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-07-17 07:58:23 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010-06-22 08:06:17 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-10-22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009-10-22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009-10-22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009-10-22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009-10-12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009-09-08 07:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-06-04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010-11-06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010-08-26 03:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010-08-26 03:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-08-26 01:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-07-17 07:58:03 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010-06-03 07:39:05 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010-02-17 18:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010-02-17 18:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009-12-19 09:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-11-19 00:06:22 | 000,020,992 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009-11-19 00:06:20 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009-11-09 17:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009-10-22 05:01:10 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009-10-22 05:01:04 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009-10-22 05:00:58 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009-10-22 05:00:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009-10-22 03:47:50 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009-10-22 00:13:34 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2009-10-22 00:13:28 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009-10-22 00:13:28 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009-10-16 01:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009-09-23 01:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009-09-23 01:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009-09-23 01:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009-09-23 01:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009-08-27 12:18:30 | 000,118,016 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2009-07-14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009-06-17 16:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009-06-17 16:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009-06-17 16:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009-06-17 16:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009-06-10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\IaStor.sys -- (iaStor)
DRV:64bit: - [2009-05-18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008-07-26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008-07-26 14:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008-07-26 14:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008-07-26 14:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2007-03-07 13:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV:64bit: - [2005-03-29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-10-12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://localhost:8080/
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/iat/us_gb.aspx
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 5D 53 0E DF 53 CA 01 [binary data]
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.2
FF - prefs.js..extensions.enabledItems: izer@camelcamelcamel.com:1.4
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.2
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-12-12 07:29:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-12-23 09:42:38 | 000,000,000 | ---D | M]
[2009-10-23 12:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Extensions
[2011-02-26 10:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions
[2010-10-20 07:53:20 | 000,000,000 | ---D | M] ("FxIF") -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2009-12-14 12:09:14 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010-10-09 08:13:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010-06-22 08:04:46 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\eafo3fflauncher@ea.com
[2010-10-09 08:13:31 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\foxmarks@kei.com
[2010-12-12 20:51:40 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\https-everywhere@eff.org
[2010-08-17 19:06:12 | 000,000,000 | ---D | M] (The Camelizer) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\izer@camelcamelcamel.com
[2010-06-25 20:40:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\piclens@cooliris.com
[2010-08-17 19:06:12 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Jurrr\AppData\Roaming\Mozilla\Firefox\Profiles\ml3lvxcq.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010-09-13 12:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-12-22 15:46:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-10-22 02:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
O1 HOSTS File: ([2011-02-28 08:48:29 | 000,000,872 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 nalmeron.cz.cc
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\dev\Java\jre1.6_x64\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\dev\Java\jre1.6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] C:\dev\Java\jre1.6_x64\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000..\Run: [Cobian Backup 9] C:\Program Files (x86)\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000..\Run: [PTOneClick] C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-3363610435-3949054776-2021308246-1001..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Jurrr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8d38adeb-4d31-11df-b249-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{8d38adeb-4d31-11df-b249-005056c00008}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011-02-28 08:55:13 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Jurrr\Desktop\OTL.exe
[2011-02-27 21:55:24 | 000,000,000 | ---D | C] -- C:\Users\Jurrr\AppData\Roaming\SUPERAntiSpyware.com
[2011-02-27 21:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011-02-27 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011-02-27 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011-02-27 21:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011-02-27 20:46:27 | 000,000,000 | ---D | C] -- C:\Users\Jurrr\AppData\Roaming\Malwarebytes
[2011-02-27 20:46:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-02-27 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-02-27 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-02-27 20:46:22 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-02-27 20:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-02-27 20:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\bDpCcJi06308_really_bad_virus
[2011-02-22 23:37:34 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011-02-22 23:37:34 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011-02-22 23:37:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011-02-22 23:37:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011-02-19 15:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011-02-19 15:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011-02-17 20:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011-02-08 22:18:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011-02-08 22:18:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011-02-08 22:18:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011-02-08 22:18:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011-02-08 22:18:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011-02-08 22:18:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011-02-08 22:18:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011-02-08 22:18:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011-02-08 22:18:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011-02-08 22:18:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011-02-08 22:18:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011-02-08 22:18:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011-02-08 22:17:41 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011-02-08 22:17:41 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011-02-08 22:17:41 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011-02-08 22:17:41 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011-02-08 22:17:40 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011-02-08 22:17:40 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011-02-08 22:17:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011-02-08 22:17:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011-02-08 22:17:39 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011-02-08 22:17:38 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011-02-08 22:17:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011-02-08 22:17:37 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011-02-08 22:17:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011-02-08 22:17:37 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011-02-08 22:17:36 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011-02-08 22:17:36 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011-02-08 22:17:36 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011-02-08 22:17:36 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011-02-08 22:17:36 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011-02-08 22:17:36 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011-02-08 22:17:35 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011-02-08 22:17:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011-02-28 08:55:16 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jurrr\Desktop\OTL.exe
[2011-02-28 08:53:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-02-28 08:52:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-28 08:32:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-28 08:28:15 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3363610435-3949054776-2021308246-1000UA.job
[2011-02-27 22:40:51 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-27 22:40:51 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-27 22:40:10 | 000,731,488 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-02-27 22:40:10 | 000,628,216 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-02-27 22:40:10 | 000,108,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-02-27 21:55:23 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-02-27 20:46:25 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-02-27 18:06:03 | 071,823,095 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011-02-27 09:28:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3363610435-3949054776-2021308246-1000Core.job
[2011-02-25 21:09:37 | 000,007,664 | ---- | M] () -- C:\Users\Jurrr\AppData\Local\resmon.resmoncfg
[2011-02-12 02:30:09 | 000,002,400 | ---- | M] () -- C:\Users\Jurrr\Desktop\Google Chrome.lnk
[2011-02-09 03:19:47 | 000,351,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-02-04 13:16:00 | 000,072,080 | ---- | M] () -- C:\Users\Jurrr\g2mdlhlpx.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011-02-27 21:55:23 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011-02-27 20:46:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-02-19 15:27:06 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-19 15:27:06 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-22 08:06:33 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-06-22 08:06:17 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010-06-22 08:06:17 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010-06-15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010-02-17 11:59:03 | 000,037,895 | ---- | C] () -- C:\Users\Jurrr\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010-02-17 11:52:41 | 000,037,889 | ---- | C] () -- C:\Users\Jurrr\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010-02-07 19:49:55 | 000,004,930 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009-12-09 12:17:26 | 000,007,680 | ---- | C] () -- C:\Users\Jurrr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-03 20:48:55 | 000,733,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009-10-29 07:49:46 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009-10-23 23:24:51 | 000,000,600 | ---- | C] () -- C:\Users\Jurrr\AppData\Roaming\winscp.rnd
[2009-10-23 20:52:10 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
[2009-10-23 20:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-10-23 13:34:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-10-23 13:16:35 | 000,007,664 | ---- | C] () -- C:\Users\Jurrr\AppData\Local\resmon.resmoncfg
[2009-07-14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
< End of report >
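The O4 (Run/RunOnce) and O33 (MountPoints2) lines in an OTL report are the ones worth reading first when a rogue antivirus has installed itself, because that family persists through a RunOnce value pointing at a random-named executable in a same-named folder under C:\ProgramData, with no publisher string. The following triage script is an added example, not part of the original post and not code from OTL; it parses those two OTL line formats and flags entries that match that pattern, orphaned entries ("File not found"), and cached autorun.inf handlers. The sample log lines are constructed for the example (the SID, GUID and the "xYzAb12345" name are invented) and only mimic the OTL format shown above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL O4 registry autorun line, e.g.
#   O4 - HKLM..\Run: [Name] C:\path\file.exe (Publisher)
#   O4 - HKU\S-1-5-19..\RunOnce: [Name] File not found
# The lazy target group backtracks past "(x86)" so only the trailing
# "(Publisher)" is captured as the company.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<target>.*?)(?: \((?P<company>[^()]*)\))?$"
)
# OTL O33 cached autorun.inf handler for a mounted volume.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<target>.+)$'
)

TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\", "\\users\\")


@dataclass
class Finding:
    line: str
    reasons: List[str]


def looks_random(token: str) -> bool:
    """Mixed-case letters plus digits, no separators, 8+ chars: the shape of a dropper name."""
    return (
        len(token) >= 8
        and token.isalnum()
        and any(c.isdigit() for c in token)
        and any(c.islower() for c in token)
        and any(c.isupper() for c in token)
    )


def assess_o4(target: str, company: Optional[str]) -> List[str]:
    """Return the reasons an O4 target deserves a closer look (empty list = nothing odd)."""
    if target == "File not found":
        return ["orphaned autorun entry (target missing)"]
    low = target.lower()
    parts = target.rstrip("\\").split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    parent = parts[-2] if len(parts) >= 2 else ""
    in_user_writable = any(marker in low for marker in USER_WRITABLE)
    reasons = []
    if in_user_writable and looks_random(stem):
        reasons.append("random-looking executable name in user-writable location")
    if in_user_writable and stem and stem == parent:
        reasons.append("executable lives in a same-named directory (dropper pattern)")
    if not company and not low.startswith(TRUSTED_ROOTS):
        reasons.append("no publisher information outside Windows/Program Files")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan OTL report text and return the O4/O33 lines that merit review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = assess_o4(m.group("target"), m.group("company"))
            if reasons:
                findings.append(Finding(line, reasons))
            continue
        m = O33_RE.match(line)
        if m:
            findings.append(Finding(line, ["cached autorun.inf handler in MountPoints2 -> %s" % m.group("target")]))
    return findings


# Constructed sample in OTL format; names, SID and GUID are invented for this example.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Launchy] C:\Program Files (x86)\Launchy\Launchy.exe (Launchy)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [Backup] C:\Program Files (x86)\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\RunOnce: [xYzAb12345] C:\ProgramData\xYzAb12345\xYzAb12345.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = F:\autorun.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    -", r)
```

The heuristics are deliberately narrow: a Program Files entry with a publisher string is never flagged, an orphaned "File not found" value is reported as cleanup rather than as malware, and a MountPoints2 handler is listed because it is a cached autorun.inf command from an inserted volume, which is worth knowing about but is not on its own evidence of infection.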
02-28-2011
, 05:11 AM
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000000dd
Kernel Drivers (total 185):
0x09C55000 \SystemRoot\system32\ntoskrnl.exe
0x09C0C000 \SystemRoot\system32\hal.dll
0x00BB8000 \SystemRoot\system32\kdcom.dll
0x00C53000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C97000 \SystemRoot\system32\PSHED.dll
0x00CAB000 \SystemRoot\system32\CLFS.SYS
0x00D09000 \SystemRoot\system32\CI.dll
0x00ED7000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F7B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F8A000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FE1000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FEA000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EC6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00DC9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DD9000 \SystemRoot\System32\drivers\mountmgr.sys
0x010A7000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01232000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x01350000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01359000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01383000 \SystemRoot\system32\DRIVERS\msahci.sys
0x0138E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01399000 \SystemRoot\system32\drivers\fltmgr.sys
0x013E5000 \SystemRoot\system32\drivers\fileinfo.sys
0x0143C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x015DF000 \SystemRoot\System32\Drivers\ksecdd.sys
0x016D5000 \SystemRoot\System32\Drivers\cng.sys
0x01748000 \SystemRoot\System32\drivers\pcw.sys
0x01759000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x018D2000 \SystemRoot\system32\drivers\ndis.sys
0x01800000 \SystemRoot\system32\drivers\NETIO.SYS
0x01860000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A02000 \SystemRoot\System32\drivers\tcpip.sys
0x01763000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x017AD000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0188B000 \SystemRoot\System32\Drivers\spldr.sys
0x01893000 \SystemRoot\System32\drivers\rdyboost.sys
0x019C4000 \SystemRoot\System32\Drivers\mup.sys
0x019D6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01600000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019DF000 \SystemRoot\system32\DRIVERS\disk.sys
0x0163A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01697000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01400000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x016C1000 \SystemRoot\System32\Drivers\Null.SYS
0x016CA000 \SystemRoot\System32\Drivers\Beep.SYS
0x01421000 \SystemRoot\System32\drivers\vga.sys
0x01200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0105E000 \SystemRoot\System32\drivers\watchdog.sys
0x0142F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01225000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0106E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01077000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01082000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011C3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011E1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x011EE000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x00C00000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02E6F000 \SystemRoot\system32\drivers\afd.sys
0x02EF9000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02F04000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02F0D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02F33000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x02F47000 \SystemRoot\system32\DRIVERS\inspect.sys
0x02F5E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02F6D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02F88000 \SystemRoot\system32\drivers\vpcvmm.sys
0x02FDF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02FF3000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x02E00000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x02E0A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02E5B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01093000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04053000 \SystemRoot\System32\drivers\discache.sys
0x04062000 \SystemRoot\System32\Drivers\dfsc.sys
0x04080000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04091000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x04099000 \SystemRoot\System32\Drivers\avgldx64.sys
0x040E0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04106000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0411C000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A0A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0427D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04371000 \SystemRoot\System32\drivers\dxgmms1.sys
0x043B7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x043DB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04256000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04166000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x041B5000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04267000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x043E8000 \SystemRoot\system32\DRIVERS\fdc.sys
0x043F5000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x04274000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x051C5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x051D5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x051EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04024000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05469000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05484000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x054A5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x054BF000 \SystemRoot\system32\DRIVERS\pnetmdm64.sys
0x054C8000 \SystemRoot\system32\drivers\modem.sys
0x054D7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x054E6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x054F5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x054F7000 \SystemRoot\system32\DRIVERS\ks.sys
0x0553A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0554C000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x05569000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x05578000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0557A000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0x05582000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x0558C000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x05400000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0545A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x055C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06EAE000 \SystemRoot\system32\drivers\HdAudio.sys
0x06F0A000 \SystemRoot\system32\drivers\portcls.sys
0x06F47000 \SystemRoot\system32\drivers\drmk.sys
0x06F69000 \SystemRoot\system32\drivers\ksthunk.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x06F85000 \SystemRoot\System32\drivers\Dxapi.sys
0x06F91000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06F9F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06FAB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06FB4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06FC7000 \SystemRoot\System32\Drivers\usbaapl64.sys
0x06FD8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06FF5000 \SystemRoot\system32\drivers\LVUSBS64.sys
0x02A40000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
0x02CC0000 \SystemRoot\system32\DRIVERS\lv302a64.sys
0x02CC3000 \SystemRoot\system32\drivers\usbaudio.sys
0x02CDE000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x02D9E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x02DEE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x02A00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02A19000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02A22000 \SystemRoot\system32\DRIVERS\LEqdUsb.Sys
0x02DAC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02DBA000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x02DC5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x02DD2000 \SystemRoot\system32\DRIVERS\LHidEqd.Sys
0x02DDA000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x06E00000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x00590000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x06E14000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06E2F000 \SystemRoot\system32\drivers\luafv.sys
0x06E52000 \SystemRoot\system32\drivers\WudfPf.sys
0x06E73000 \SystemRoot\system32\DRIVERS\WinUsb.sys
0x064F7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06528000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x06538000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0654D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06400000 \SystemRoot\system32\drivers\HTTP.sys
0x064C8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06565000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0657D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x065AA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06E84000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x064E6000 \??\C:\Windows\system32\drivers\hcmon.sys
0x055E8000 \??\C:\Windows\system32\drivers\vmci.sys
0x0825B000 \??\C:\Windows\system32\drivers\vmx86.sys
0x08331000 \SystemRoot\System32\Drivers\adfs.SYS
0x08349000 \SystemRoot\system32\drivers\peauth.sys
0x083EF000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08200000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0822D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0823F000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0x08249000 \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
0x08A9E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08B05000 \SystemRoot\System32\DRIVERS\srv.sys
0x08B9B000 \SystemRoot\System32\Drivers\fastfat.SYS
0x08A71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77C90000 \Windows\System32\ntdll.dll
0x47890000 \Windows\System32\smss.exe
0xFFFB0000 \Windows\System32\apisetschema.dll
0xFFC90000 \Windows\System32\autochk.exe
Processes (total 82):
0 System Idle Process
4 System
356 C:\Windows\System32\smss.exe
460 csrss.exe
552 C:\Windows\System32\wininit.exe
572 csrss.exe
580 C:\Program Files (x86)\AVG9\avgchsva.exe
588 C:\Program Files (x86)\AVG9\avgrsa.exe
652 C:\Program Files (x86)\AVG9\avgcsrva.exe
696 C:\Windows\System32\services.exe
704 C:\Windows\System32\lsass.exe
712 C:\Windows\System32\lsm.exe
680 C:\Windows\System32\winlogon.exe
1100 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1248 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1328 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\atiesrxx.exe
1432 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\svchost.exe
1628 C:\Windows\System32\svchost.exe
1736 WUDFHost.exe
1752 C:\Windows\System32\atieclxx.exe
1512 C:\Windows\System32\spoolsv.exe
1688 C:\Windows\System32\svchost.exe
2112 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2140 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2160 C:\Program Files (x86)\AVG9\avgwdsvc.exe
2188 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2228 C:\Windows\System32\svchost.exe
2264 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
2332 C:\Windows\SysWOW64\PnkBstrA.exe
2452 C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
2480 C:\Windows\System32\svchost.exe
2512 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2572 C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
2580 postgres.exe
2588 conhost.exe
2656 C:\Windows\SysWOW64\vmnat.exe
2724 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2780 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2836 C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
2896 postgres.exe
2912 postgres.exe
2920 postgres.exe
2928 postgres.exe
3024 C:\Windows\SysWOW64\vmnetdhcp.exe
3136 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3260 C:\Windows\System32\SearchIndexer.exe
3592 WUDFHost.exe
3668 C:\Windows\System32\svchost.exe
3888 WmiPrvSE.exe
2396 C:\Windows\System32\taskhost.exe
3224 C:\Windows\System32\dwm.exe
2008 C:\Windows\explorer.exe
444 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1416 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
1952 C:\Program Files (x86)\Cobian Backup 9\Cobian.exe
2544 C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe
1288 C:\Program Files (x86)\Skype\Phone\Skype.exe
4104 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
4256 C:\Program Files (x86)\Launchy\Launchy.exe
4292 C:\Program Files (x86)\WebEx\Productivity Tools\ptsrv.exe
4320 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4352 C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe
4540 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
4612 C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
4408 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
5240 C:\Program Files\Windows Media Player\wmpnetwk.exe
5332 C:\Windows\System32\svchost.exe
5568 C:\Program Files (x86)\Cobian Backup 9\cbInterface.exe
5560 dllhost.exe
1092 C:\Windows\notepad.exe
6304 C:\Windows\System32\audiodg.exe
5772 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4288 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
6284 C:\Users\Jurrr\Desktop\OTL.exe
5516 dllhost.exe
6324 dllhost.exe
6784 E:\temp\MBRCheck.exe
4492 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: INTELSSDSA2M080G2GC, Rev: 2CV102G9
PhysicalDrive1 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
0x06F69000 \SystemRoot\system32\drivers\ksthunk.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x06F85000 \SystemRoot\System32\drivers\Dxapi.sys
0x06F91000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06F9F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06FAB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06FB4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06FC7000 \SystemRoot\System32\Drivers\usbaapl64.sys
0x06FD8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06FF5000 \SystemRoot\system32\drivers\LVUSBS64.sys
0x02A40000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
0x02CC0000 \SystemRoot\system32\DRIVERS\lv302a64.sys
0x02CC3000 \SystemRoot\system32\drivers\usbaudio.sys
0x02CDE000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x02D9E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x02DEE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x02A00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02A19000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02A22000 \SystemRoot\system32\DRIVERS\LEqdUsb.Sys
0x02DAC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02DBA000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x02DC5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x02DD2000 \SystemRoot\system32\DRIVERS\LHidEqd.Sys
0x02DDA000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x06E00000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x00590000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x06E14000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06E2F000 \SystemRoot\system32\drivers\luafv.sys
0x06E52000 \SystemRoot\system32\drivers\WudfPf.sys
0x06E73000 \SystemRoot\system32\DRIVERS\WinUsb.sys
0x064F7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06528000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x06538000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0654D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06400000 \SystemRoot\system32\drivers\HTTP.sys
0x064C8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06565000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0657D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x065AA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06E84000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x064E6000 \??\C:\Windows\system32\drivers\hcmon.sys
0x055E8000 \??\C:\Windows\system32\drivers\vmci.sys
0x0825B000 \??\C:\Windows\system32\drivers\vmx86.sys
0x08331000 \SystemRoot\System32\Drivers\adfs.SYS
0x08349000 \SystemRoot\system32\drivers\peauth.sys
0x083EF000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08200000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0822D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0823F000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0x08249000 \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
0x08A9E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08B05000 \SystemRoot\System32\DRIVERS\srv.sys
0x08B9B000 \SystemRoot\System32\Drivers\fastfat.SYS
0x08A71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77C90000 \Windows\System32\ntdll.dll
0x47890000 \Windows\System32\smss.exe
0xFFFB0000 \Windows\System32\apisetschema.dll
0xFFC90000 \Windows\System32\autochk.exe
Processes (total 82):
0 System Idle Process
4 System
356 C:\Windows\System32\smss.exe
460 csrss.exe
552 C:\Windows\System32\wininit.exe
572 csrss.exe
580 C:\Program Files (x86)\AVG9\avgchsva.exe
588 C:\Program Files (x86)\AVG9\avgrsa.exe
652 C:\Program Files (x86)\AVG9\avgcsrva.exe
696 C:\Windows\System32\services.exe
704 C:\Windows\System32\lsass.exe
712 C:\Windows\System32\lsm.exe
680 C:\Windows\System32\winlogon.exe
1100 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1248 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1328 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\atiesrxx.exe
1432 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\svchost.exe
1628 C:\Windows\System32\svchost.exe
1736 WUDFHost.exe
1752 C:\Windows\System32\atieclxx.exe
1512 C:\Windows\System32\spoolsv.exe
1688 C:\Windows\System32\svchost.exe
2112 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2140 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2160 C:\Program Files (x86)\AVG9\avgwdsvc.exe
2188 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2228 C:\Windows\System32\svchost.exe
2264 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
2332 C:\Windows\SysWOW64\PnkBstrA.exe
2452 C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
2480 C:\Windows\System32\svchost.exe
2512 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2572 C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
2580 postgres.exe
2588 conhost.exe
2656 C:\Windows\SysWOW64\vmnat.exe
2724 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2780 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2836 C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
2896 postgres.exe
2912 postgres.exe
2920 postgres.exe
2928 postgres.exe
3024 C:\Windows\SysWOW64\vmnetdhcp.exe
3136 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3260 C:\Windows\System32\SearchIndexer.exe
3592 WUDFHost.exe
3668 C:\Windows\System32\svchost.exe
3888 WmiPrvSE.exe
2396 C:\Windows\System32\taskhost.exe
3224 C:\Windows\System32\dwm.exe
2008 C:\Windows\explorer.exe
444 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1416 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
1952 C:\Program Files (x86)\Cobian Backup 9\Cobian.exe
2544 C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe
1288 C:\Program Files (x86)\Skype\Phone\Skype.exe
4104 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
4256 C:\Program Files (x86)\Launchy\Launchy.exe
4292 C:\Program Files (x86)\WebEx\Productivity Tools\ptsrv.exe
4320 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4352 C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe
4540 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
4612 C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
4408 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
5240 C:\Program Files\Windows Media Player\wmpnetwk.exe
5332 C:\Windows\System32\svchost.exe
5568 C:\Program Files (x86)\Cobian Backup 9\cbInterface.exe
5560 dllhost.exe
1092 C:\Windows\notepad.exe
6304 C:\Windows\System32\audiodg.exe
5772 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4288 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
6284 C:\Users\Jurrr\Desktop\OTL.exe
5516 dllhost.exe
6324 dllhost.exe
6784 E:\temp\MBRCheck.exe
4492 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: INTELSSDSA2M080G2GC, Rev: 2CV102G9
PhysicalDrive1 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
02-28-2011
, 05:34 AM
OTL Extras logfile created on: 2011-02-28 8:55:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Jurrr\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 3.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 1.02 Gb Free Space | 1.37% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 16.80 Gb Free Space | 1.80% Space Free | Partition Type: NTFS
Computer Name: DESKTOP | User Name: Jurrr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11849FBC-C416-4742-8279-17C3A2C85F72}" = Microsoft Lync 2010
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{2C22EA92-CB30-4932-0050-000001000000}" = InfraRecorder 0.50 (x64 edition)
"{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{64A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16 (64-bit)
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B85B1A3C-E404-44E5-A0E1-C4D0438A49C1}" = Adobe Photoshop Lightroom 2.5 64-bit
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"COMODO Internet Security" = COMODO Internet Security
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.6
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{3d9ac095-e115-4e94-bdef-7f7edf17697d}" = Python 2.6.3
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPROR_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1A2073C-33FC-4890-86E2-FE7D2B8AFE0F}" = Betfair Poker
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7E2D757-1116-42CC-A6CA-04788EED5FED}" = WebEx Productivity Tools
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"AVG9Uninstall" = AVG Free 9.0
"Betsafe Poker_is1" = Betsafe Poker
"Betsson Poker_is1" = Betsson Poker
"CobBackup9" = Cobian Backup 9
"Heypoker_is1" = Heypoker
"IrfanView" = IrfanView (remove only)
"Ladbrokes Poker" = Ladbrokes Poker
"Launchy_21344213_is1" = Launchy 2.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PartyPoker" = PartyPoker
"PdaNet_is1" = PdaNet Desktop (64 bit) for iPhone 1.54
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PostgreSQL 8.4" = PostgreSQL 8.4
"PRJPROR" = Microsoft Office Project Professional 2007
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"SumatraPDF" = Sumatra PDF reader
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.0
"VMware_Workstation" = VMware Workstation
"WinGimp-2.0_is1" = GIMP 2.6.8
"winscpfar_is1" = WinSCP plugin for FAR 1.6.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"FreePHG V3.03" = FreePHG V3.03
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"UltimateBet" = UltimateBet
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2011-02-27 4:45:25 AM | Computer Name = Desktop | Source = PostgreSQL | ID = 0
Description = 2011-02-27 08:45:25 GMTERROR: duplicate key value violates unique
constraint "uniqueserial" 2011-02-27 08:45:25 GMTSTATEMENT: EXECUTE PKHEXECUTE(3795198828,3,to_timestamp('02-26-2011
09:29:24','MM/DD/YYYY HH24:MI:SS'),7269,105,3,2,2,2,2,3,9,14,32,6,37,3800,200,4000,4000,4000,4000,0,32,32,1,2,False,2,0,0,0,14,14,14,-1,0,1,0);
select currval('pokerhands_pokerhand_id_seq')
Error - 2011-02-27 4:45:25 AM | Computer Name = Desktop | Source = PostgreSQL | ID = 0
Description = 2011-02-27 08:45:25 GMTERROR: duplicate key value violates unique
constraint "uniqueserial" 2011-02-27 08:45:25 GMTSTATEMENT: EXECUTE PKHEXECUTE(3795199131,3,to_timestamp('02-26-2011
09:29:51','MM/DD/YYYY HH24:MI:SS'),7269,105,3,2,2,2,2,1,39,17,6,37,50,3895,205,4100,4100,4100,4100,0,0,32,1,2,False,2,0,0,0,13,13,13,-1,5,0,0);
select currval('pokerhands_pokerhand_id_seq')
Error - 2011-02-27 11:44:07 AM | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Faulting application name: HMHud.exe, version: 1.0.0.1, time stamp:
0x4c66b13f Faulting module name: HMHud.exe, version: 1.0.0.1, time stamp: 0x4c66b13f
Exception
code: 0xc0000417 Fault offset: 0x0004088e Faulting process id: 0x1dc4 Faulting application
start time: 0x01cbd658e5800473 Faulting application path: C:\Games\Holdem Manager\HMHud.exe
Faulting
module path: C:\Games\Holdem Manager\HMHud.exe Report Id: 6925cfd4-4288-11e0-b591-005056c00008
Error - 2011-02-27 4:36:58 PM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = 544: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 2011-02-27 4:36:58 PM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = 548: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 2011-02-27 4:36:58 PM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = 552: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 2011-02-27 4:36:58 PM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = 520: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 2011-02-27 4:36:58 PM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = 516: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 2011-02-27 8:46:16 PM | Computer Name = Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\dev\Python\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 2011-02-28 4:52:17 AM | Computer Name = Desktop | Source = PostgreSQL | ID = 0
Description = 2011-02-28 08:52:17 GMTFATAL: the database system is starting up
[ OSession Events ]
Error - 2010-06-27 7:58:31 AM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2010-08-05 9:55:16 AM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2010-10-26 4:33:16 AM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3803
seconds with 1500 seconds of active time. This session ended with a crash.
Error - 2011-02-04 1:08:56 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2011-02-04 3:28:40 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2011-02-10 6:19:55 AM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 2011-02-27 4:42:40 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 2011-02-27 4:42:40 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 2011-02-27 4:43:45 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
Description =
Error - 2011-02-27 4:43:45 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
Description =
Error - 2011-02-27 6:06:32 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
Description =
Error - 2011-02-27 6:33:43 PM | Computer Name = Desktop | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{3c544ee5-c012-11de-8ea0-806e6f6e6963}
cannot be read.
Error - 2011-02-27 6:33:49 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vflt
Error - 2011-02-28 4:43:22 AM | Computer Name = Desktop | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
Error - 2011-02-28 4:52:16 AM | Computer Name = Desktop | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on \\?\Volume{3c544ee5-c012-11de-8ea0-806e6f6e6963}
cannot be read.
Error - 2011-02-28 4:52:22 AM | Computer Name = Desktop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vflt
< End of report >
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Jurrr\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 3.00 Gb Available in Paging File | 45.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 1.02 Gb Free Space | 1.37% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 16.80 Gb Free Space | 1.80% Space Free | Partition Type: NTFS
Computer Name: DESKTOP | User Name: Jurrr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11849FBC-C416-4742-8279-17C3A2C85F72}" = Microsoft Lync 2010
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{2C22EA92-CB30-4932-0050-000001000000}" = InfraRecorder 0.50 (x64 edition)
"{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{64A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16 (64-bit)
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B85B1A3C-E404-44E5-A0E1-C4D0438A49C1}" = Adobe Photoshop Lightroom 2.5 64-bit
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"COMODO Internet Security" = COMODO Internet Security
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.6
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{3d9ac095-e115-4e94-bdef-7f7edf17697d}" = Python 2.6.3
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPROR_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1A2073C-33FC-4890-86E2-FE7D2B8AFE0F}" = Betfair Poker
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7E2D757-1116-42CC-A6CA-04788EED5FED}" = WebEx Productivity Tools
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"AVG9Uninstall" = AVG Free 9.0
"Betsafe Poker_is1" = Betsafe Poker
"Betsson Poker_is1" = Betsson Poker
"CobBackup9" = Cobian Backup 9
"Heypoker_is1" = Heypoker
"IrfanView" = IrfanView (remove only)
"Ladbrokes Poker" = Ladbrokes Poker
"Launchy_21344213_is1" = Launchy 2.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PartyPoker" = PartyPoker
"PdaNet_is1" = PdaNet Desktop (64 bit) for iPhone 1.54
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PostgreSQL 8.4" = PostgreSQL 8.4
"PRJPROR" = Microsoft Office Project Professional 2007
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"SumatraPDF" = Sumatra PDF reader
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.0
"VMware_Workstation" = VMware Workstation
"WinGimp-2.0_is1" = GIMP 2.6.8
"winscpfar_is1" = WinSCP plugin for FAR 1.6.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3363610435-3949054776-2021308246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"FreePHG V3.03" = FreePHG V3.03
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"UltimateBet" = UltimateBet
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2011-02-27 4:45:25 AM | Computer Name = Desktop | Source = PostgreSQL | ID = 0
Description = 2011-02-27 08:45:25 GMTERROR: duplicate key value violates unique
constraint "uniqueserial" 2011-02-27 08:45:25 GMTSTATEMENT: EXECUTE PKHEXECUTE(3795198828,3,to_timestamp('02-26-2011
09:29:24','MM/DD/YYYY HH24:MI:SS'),7269,105,3,2,2,2,2,3,9,14,32,6,37,3800,200,4000,4000,4000,4000,0,32,32,1,2,False,2,0,0,0,14,14,14,-1,0,1,0);
select currval('pokerhands_pokerhand_id_seq')
Error - 2011-02-27 4:45:25 AM | Computer Name = Desktop | Source = PostgreSQL | ID = 0
Description = 2011-02-27 08:45:25 GMTERROR: duplicate key value violates unique
constraint "uniqueserial" 2011-02-27 08:45:25 GMTSTATEMENT: EXECUTE PKHEXECUTE(3795199131,3,to_timestamp('02-26-2011
09:29:51','MM/DD/YYYY HH24:MI:SS'),7269,105,3,2,2,2,2,1,39,17,6,37,50,3895,205,4100,4100,4100,4100,0,0,32,1,2,False,2,0,0,0,13,13,13,-1,5,0,0);
select currval('pokerhands_pokerhand_id_seq')
Error - 2011-02-27 11:44:07 AM | Computer Name = Desktop | Source = Application Error | ID = 1000
Description = Faulting application name: HMHud.exe, version: 1.0.0.1, time stamp: 0x4c66b13f
Faulting module name: HMHud.exe, version: 1.0.0.1, time stamp: 0x4c66b13f
Exception code: 0xc0000417 Fault offset: 0x0004088e Faulting process id: 0x1dc4
Faulting application start time: 0x01cbd658e5800473
Faulting application path: C:\Games\Holdem Manager\HMHud.exe
Faulting module path: C:\Games\Holdem Manager\HMHud.exe
Report Id: 6925cfd4-4288-11e0-b591-005056c00008
Error - 2011-02-27 4:36:58 PM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = 544: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 2011-02-27 4:36:58 PM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = 548: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 2011-02-27 4:36:58 PM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = 552: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 2011-02-27 4:36:58 PM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = 520: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 2011-02-27 4:36:58 PM | Computer Name = Desktop | Source = Bonjour Service | ID = 100
Description = 516: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 2011-02-27 8:46:16 PM | Computer Name = Desktop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\dev\Python\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 2011-02-28 4:52:17 AM | Computer Name = Desktop | Source = PostgreSQL | ID = 0
Description = 2011-02-28 08:52:17 GMTFATAL: the database system is starting up
[ OSession Events ]
Error - 2010-06-27 7:58:31 AM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2010-08-05 9:55:16 AM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2010-10-26 4:33:16 AM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3803
seconds with 1500 seconds of active time. This session ended with a crash.
Error - 2011-02-04 1:08:56 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.
02-28-2011, 05:43 AM
So I think there was a rogue ad at eBay which used a Java applet security hole to install malware.
Is my system clean now?
02-28-2011, 07:22 AM
keygens hmmm???
system is clean or it is not clean, that is the question.
02-28-2011, 07:34 AM
Yeah - what do you think?
02-28-2011, 07:39 AM
I think that you must not use keygens.
02-28-2011, 10:06 AM
I haven't used them on this system ever; I haven't used them for months, if not years. The keygens on drive E: are from a long time ago and haven't been used for ages.
So do you think I'm clean now or not?
02-28-2011, 11:41 AM
Did you shower this morning?
Powered by: Hand2Note
Copyright ©2008-2022, Hand2Note Interactive LTD