Malware On my computer (help please) [Solved]
onkaloonka
post Nov 7 2009, 10:14 AM
Post #1
Member | Posts: 57 | From: USA :) | OS: Vista home premium

Hey,

I have malware on my computer that I can't seem to get rid of.
I downloaded the MBAM thing but when I press scan now, it just disappears.

If you need any more information please reply.

Thanks,

Zach
Essexboy
post Nov 7 2009, 10:45 AM
Post #2
GeekU Moderator | Posts: 19,158 | From: Darkest Cornwall | OS: Vista Ultimate & Windows 7

Hi, could you run these two programmes so that I can see what you have?

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

We Need to check for Rootkits with RootRepeal
  1. Download RootRepeal from the following location and save it to your desktop.
  2. Extract RootRepeal.exe from the archive.
  3. Open on your desktop.
  4. Click the tab.
  5. Click the button.
  6. Check all seven boxes:
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
onkaloonka
post Nov 7 2009, 10:59 AM
Post #3
Member | Posts: 57 | From: USA :) | OS: Vista home premium

Edit: One sec for the first one.
Edit2: when I run the first program it does not create a .txt on my desktop.

Okay I followed the instructions exactly (for the second program),
When the scan was done it just disappeared and no .txt file was created.


Also, I ran OTL, here's the report:

This post has been edited by onkaloonka: Nov 7 2009, 11:11 AM
Attached File(s): Extras.Txt (85.76K), OTL.Txt (114.58K)
onkaloonka
post Nov 7 2009, 11:25 AM
Post #4
Member | Posts: 57 | From: USA :) | OS: Vista home premium

Any way you know of that I can run those programs?

OTL logfile created on: 11/7/2009 11:31:51 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Bluhm Bros\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 86.99% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 184.79 Gb Free Space | 64.34% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUHMBROS-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/07 11:28:53 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Bluhm Bros\Downloads\OTL.exe
PRC - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/10/13 06:02:19 | 00,032,838 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2009/10/13 06:02:19 | 00,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2009/10/13 06:02:19 | 00,024,688 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
PRC - [2009/09/08 21:11:44 | 00,856,064 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2009/08/11 10:45:08 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2009/07/10 12:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/21 10:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/17 18:01:12 | 00,247,152 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2009/03/23 15:54:42 | 00,023,840 | ---- | M] (Apache Software Foundation) -- C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe
PRC - [2009/03/23 15:54:42 | 00,023,840 | ---- | M] (Apache Software Foundation) -- C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/06 16:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/10/09 09:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/10/06 11:54:52 | 00,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/09/23 20:21:52 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008/08/01 18:14:02 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/07/31 16:26:40 | 00,575,488 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008/07/11 13:31:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe
PRC - [2008/06/19 20:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2008/06/09 13:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/06/09 13:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008/05/01 18:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/04/17 13:05:10 | 01,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/04/03 13:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/01/20 21:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2008/01/20 21:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
PRC - [2008/01/20 21:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/17 18:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe
PRC - [2007/05/08 18:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2009/11/07 11:28:53 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Bluhm Bros\Downloads\OTL.exe
MOD - [2008/01/20 21:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (VisualSVNServer)
SRV - [2009/11/06 16:06:45 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/10/26 14:49:05 | 02,309,520 | ---- | M] () -- c:\Program Files\Common Files\Akamai\rswin_3600.dll -- (Akamai)
SRV - [2009/10/13 06:02:19 | 00,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/09/21 07:01:12 | 01,028,432 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/08 21:11:44 | 00,856,064 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/08/11 10:45:08 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/17 18:01:12 | 00,247,152 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo)
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/02/06 16:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 09:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/10/06 11:54:52 | 00,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/11 13:31:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/06/19 20:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/06/19 20:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/06/09 13:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/05/05 17:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/01 18:25:56 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/04/03 13:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/01/20 21:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/20 21:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/17 18:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\..\URLSearchHook: {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files\freevideomaster\tbfree.dll File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files\freevideomaster\tbfree.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 02:01:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/12 20:25:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/13 06:02:21 | 00,000,000 | ---D | M]

[2009/09/18 17:55:09 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\mozilla\Firefox\extensions
[2009/09/18 17:55:09 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/18 14:00:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/18 11:53:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/18 14:00:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/15 15:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/07/15 15:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/21 10:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/13 06:02:19 | 00,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
[2009/07/15 15:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/08/14 11:04:47 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/07/25 19:11:03 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2009/07/15 13:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/15 13:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/15 13:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/15 13:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/15 13:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/15 13:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/15 13:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (freevideomaster Toolbar) - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files\freevideomaster\tbfree.dll File not found
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (freevideomaster Toolbar) - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files\freevideomaster\tbfree.dll File not found
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (freevideomaster Toolbar) - {01DFD24D-73EB-497F-8DFD-7EA79365AF4A} - C:\Program Files\freevideomaster\tbfree.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [Innerpass] C:\ProgramData\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerPassFileSharing.exe (InnerPass, Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [PopRock] C:\Users\ADMINI~1.BLU\AppData\Local\Temp\b.exe File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [sl1000] C:\Users\ADMINI~1.BLU\AppData\Local\TempImages\sl1000.exe (Verify App Ver)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Application Restart #3] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [DAEMON Tools Lite 4.30.4.0027 Setup] C:\Users\Bluhm Bros\Downloads\daemon4304-lite.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (FrostWire Group)
O4 - Startup: C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Search - File not found
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.158.63.8 24.158.63.9 24.197.97.136
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d32d1ea-230b-11de-ab15-001f1657800a}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{e125049d-0b42-11de-9432-001f1657800a}\Shell\AutoRun\command - "" = F:\LinksysConnectPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2008/01/20 21:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/07 08:31:49 | 00,000,000 | ---D | C] -- C:\.jagex_cache_32
[2009/11/07 08:19:38 | 00,000,000 | ---D | C] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\Malwarebytes
[2009/11/07 08:19:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/07 08:19:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/07 08:19:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/07 08:19:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/07 08:19:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/06 16:11:14 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/11/06 16:09:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/11/05 03:38:12 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2009/10/31 15:25:02 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2009/10/31 14:25:31 | 00,000,000 | ---D | C] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\AVG8
[2009/10/31 14:19:46 | 00,000,000 | ---D | C] -- C:\Users\Administrator.BluhmBros-PC\Documents\Simply Super Software
[2009/10/31 14:19:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2009/10/31 14:19:26 | 00,000,000 | ---D | C] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\Simply Super Software
[2009/10/31 14:19:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2009/10/31 14:19:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009/10/31 14:09:44 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/10/31 14:09:22 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/10/31 14:07:27 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/31 14:07:27 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/31 14:01:34 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/10/31 14:01:34 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/10/29 16:26:08 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/10/29 06:05:35 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/10/29 06:05:35 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/10/28 20:21:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/10/28 19:44:31 | 00,000,000 | ---D | C] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\DAEMON Tools Lite
[2009/10/28 19:26:14 | 00,094,208 | ---- | C] (VSO Software) -- C:\Windows\System32\drivers\ezplay.sys
[2009/10/28 19:26:14 | 00,094,208 | ---- | C] (VSO Software) -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.sys
[2009/10/28 19:24:57 | 00,047,360 | ---- | C] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/10/28 19:24:57 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\pcouffin.sys
[2009/10/28 19:24:57 | 00,000,000 | ---D | C] -- C:\Users\Administrator.BluhmBros-PC\Documents\PcSetup
[2009/10/28 19:24:57 | 00,000,000 | ---D | C] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\Vso
[2009/10/28 19:24:54 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009/10/28 18:43:14 | 00,107,864 | ---- | C] (TechSmith Corporation) -- C:\Windows\System32\tsccvid.dll
[2009/10/28 18:43:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2009/10/28 18:42:52 | 00,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2009/10/28 18:42:52 | 00,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2009/10/28 18:41:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2009/10/28 18:41:55 | 00,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2009/10/26 14:44:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/26 14:44:40 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/10/26 14:44:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/10/26 14:44:12 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/10/26 14:22:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

========== Files - Modified Within 14 Days ==========

[2009/11/07 11:31:36 | 02,359,296 | -HS- | M] () -- C:\Users\Administrator.BluhmBros-PC\ntuser.dat
[2009/11/07 10:14:12 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/07 10:14:12 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/07 08:22:31 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 08:21:26 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/07 08:21:26 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/07 08:21:26 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/07 08:19:19 | 00,524,288 | -HS- | M] () -- C:\Users\Administrator.BluhmBros-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/07 08:19:19 | 00,065,536 | -HS- | M] () -- C:\Users\Administrator.BluhmBros-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/07 08:15:34 | 00,000,214 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2009/11/07 08:15:34 | 00,000,214 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2009/11/07 08:14:18 | 00,350,192 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2009/11/07 08:14:18 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/11/07 08:14:18 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/07 08:14:15 | 00,097,692 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/07 08:14:15 | 00,097,692 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/07 08:14:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/07 08:14:03 | 00,000,000 | ---- | M] () -- C:\Windows\win32k.sys
[2009/11/07 08:13:53 | 29,510,65600 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/07 08:12:33 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/06 18:13:54 | 02,434,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/06 16:52:35 | 00,097,692 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/06 16:52:35 | 00,097,692 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/05 03:38:13 | 00,000,807 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2009/11/03 15:47:41 | 00,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBluhm Bros.job
[2009/11/03 15:37:31 | 00,002,107 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\Desktop\CyberLink PowerDirector.lnk
[2009/10/31 14:09:21 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2009/10/31 14:07:20 | 00,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/10/29 14:49:00 | 00,096,256 | -HS- | M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\install.config.exe
[2009/10/28 19:45:11 | 00,721,904 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/28 19:26:15 | 00,087,608 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\inst.exe
[2009/10/28 19:26:15 | 00,007,861 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.cat
[2009/10/28 19:26:14 | 00,094,208 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\ezplay.sys
[2009/10/28 19:26:14 | 00,094,208 | ---- | M] (VSO Software) -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.sys
[2009/10/28 19:26:14 | 00,001,103 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.inf
[2009/10/28 19:26:14 | 00,000,125 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.ini
[2009/10/28 19:24:57 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/10/28 19:24:57 | 00,047,360 | ---- | M] (VSO Software) -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\pcouffin.sys
[2009/10/28 19:24:57 | 00,007,887 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\pcouffin.cat
[2009/10/28 19:24:57 | 00,001,144 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\pcouffin.inf
[2009/10/28 19:24:57 | 00,000,809 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\Desktop\BlindWrite 6.lnk
[2009/10/28 18:42:50 | 00,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 6.lnk
[2009/10/26 14:21:46 | 00,081,448 | ---- | M] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2009/11/07 08:19:35 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/03 15:37:31 | 00,002,107 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\Desktop\CyberLink PowerDirector.lnk
[2009/10/31 14:19:28 | 00,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009/10/31 14:19:28 | 00,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2009/10/31 14:19:28 | 00,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009/10/31 14:19:28 | 00,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2009/10/31 14:07:20 | 00,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/10/29 14:49:02 | 00,000,000 | ---- | C] () -- C:\Windows\win32k.sys
[2009/10/29 14:48:58 | 00,096,256 | -HS- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\install.config.exe
[2009/10/28 19:45:09 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/28 19:27:00 | 00,000,034 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.log
[2009/10/28 19:26:14 | 00,007,861 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.cat
[2009/10/28 19:26:14 | 00,001,103 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.inf
[2009/10/28 19:26:14 | 00,000,125 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.ini
[2009/10/28 19:26:14 | 00,000,034 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\pcouffin.log
[2009/10/28 19:24:57 | 00,087,608 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\inst.exe
[2009/10/28 19:24:57 | 00,007,887 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\pcouffin.cat
[2009/10/28 19:24:57 | 00,001,144 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\pcouffin.inf
[2009/10/28 19:24:57 | 00,000,809 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\Desktop\BlindWrite 6.lnk
[2009/10/28 18:42:50 | 00,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 6.lnk
[2009/10/10 12:56:41 | 00,000,080 | RHS- | C] () -- C:\Windows\System32\BF58954A04.dll
[2009/09/12 15:41:45 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/12 15:41:45 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/08/11 10:45:26 | 00,139,152 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\PnkBstrK.sys
[2009/08/11 10:45:26 | 00,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/08 08:19:35 | 00,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009/05/14 16:44:59 | 00,057,856 | ---- | C] () -- C:\Windows\Fce32.dll
[2009/05/14 16:44:57 | 00,092,672 | ---- | C] () -- C:\Windows\System32\See32.dll
[2009/05/14 16:44:57 | 00,057,856 | ---- | C] () -- C:\Windows\System32\Fce32.dll
[2009/05/06 18:04:34 | 00,000,006 | -HS- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\desktop.ini
[2009/05/06 18:04:34 | 00,000,006 | -HS- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\desktop.ini
[2009/04/09 13:03:13 | 00,018,432 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/06 20:24:35 | 00,000,680 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\d3d9caps.dat
[2009/04/06 19:27:27 | 03,783,306 | -H-- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\IconCache.db
[2009/04/06 19:21:40 | 00,000,000 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\QSwitch.txt
[2009/04/06 19:21:40 | 00,000,000 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\DSwitch.txt
[2009/04/06 19:21:40 | 00,000,000 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\AtStart.txt
[2009/04/06 19:21:19 | 00,081,448 | ---- | C] () -- C:\Users\Administrator.BluhmBros-PC\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/03/07 08:03:36 | 00,097,692 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/07 07:57:46 | 00,097,692 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/18 11:39:15 | 00,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/01/08 20:04:19 | 00,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/08 20:04:06 | 00,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/08 20:03:35 | 00,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/08 20:02:55 | 00,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/08 20:01:26 | 00,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/08 20:00:46 | 00,000,214 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/28 08:53:44 | 00,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/28 08:47:35 | 00,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/28 08:45:26 | 00,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/28 08:43:55 | 00,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 21:23:00 | 00,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:43:04 | 00,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/04/09 12:45:23 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\acccore
[2009/10/31 14:05:03 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\DAEMON Tools Lite
[2009/10/10 12:56:57 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\DJJava
[2009/08/26 02:08:16 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\DNA
[2009/07/02 08:56:30 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\Easy Macro Recorder
[2009/07/08 16:04:49 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\FileZilla
[2009/10/03 19:51:48 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\FrostWire
[2009/08/12 07:15:29 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\godzHell
[2009/07/08 16:01:13 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\gtk-2.0
[2009/04/06 19:21:55 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\HotSync
[2009/07/10 18:39:13 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\SecondLife
[2009/04/13 12:10:20 | 00,000,000 | RH-D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\SecuROM
[2009/10/31 14:19:26 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\Simply Super Software
[2009/04/06 19:22:05 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\Skinux
[2009/04/06 19:32:03 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\Subversion
[2009/10/03 20:37:49 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\uTorrent
[2009/10/28 19:27:00 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\Vso
[2009/04/14 06:21:42 | 00,000,000 | ---D | M] -- C:\Users\Administrator.BluhmBros-PC\AppData\Roaming\WildTangent
[2009/11/07 08:14:18 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/11/07 08:14:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/07 08:12:33 | 00,032,616 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/06/06 14:03:52 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2008/01/20 21:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\System32\scecli.dll
[2008/01/20 21:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\System32\netlogon.dll
[2008/01/20 21:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 04:46:03 | 00,061,952 | ---- | M] () MD5=6CD7F13B1F144218B0CBF0FBC8ACC564 -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\logevent.dll

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/10/28 07:53:26 | 00,021,560 | ---- | M] () MD5 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/10/28 07:53:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008/10/28 07:53:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/10/28 07:53:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/10/28 07:53:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0050.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0049.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0048.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0043.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0042.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0041.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0040.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0039.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0036.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0026.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0018.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0014.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Administrator.BluhmBros-PC\Documents\clip0001.avi:TOC.WMV
< End of report >
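The custom scans at the end of the log above (`< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >` and friends) are a manual version of one check: compare the live copy of a Windows binary in System32 against the pristine copies Windows keeps in winsxs, the DriverStore and any pending update under SoftwareDistribution. A live file whose hash matches none of them, that has lost its company/version resource, or that OTL could not hash at all (the `MD5 --` on the drivers\atapi.sys line) is the thing to look at. The script below is an added example, not OTL's own code and not part of the thread: it parses those log lines and applies that comparison automatically. The sample lines are the cngaudit.dll, atapi.sys and AGP440.sys entries copied from the log (trimmed); which directories count as "stored copies" and the flagging rules themselves are my own assumptions.

```python
"""Added example: cross-check the live copy of a Windows system file against
the stored copies in winsxs / DriverStore / SoftwareDistribution, using the
lines an OTL "<file /s /md5>" custom scan prints.

Not OTL's own code and not part of the thread. The sample lines are copied
from the log in this thread (trimmed); the flagging rules are assumptions.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One OTL custom-scan line looks like
#   [date time | size | attrs | M] (Company) MD5=<hex> -- <path>
# When OTL cannot hash a file the field is a bare "MD5" with no value.
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*(?P<kind>\w)\]"
    r"\s*\((?P<company>[^)]*)\)\s*MD5(?:=(?P<md5>[0-9A-Fa-f]{32}))?\s*--\s*(?P<path>\S.*?)\s*$"
)

# Directories that hold Windows' own stored copies of a component (assumption).
REFERENCE_DIRS = {"winsxs", "driverstore", "softwaredistribution"}

# Sample input, copied from the OTL log in this thread and trimmed.
SAMPLE_LINES = r"""
[2006/11/02 04:46:03 | 00,061,952 | ---- | M] () MD5=6CD7F13B1F144218B0CBF0FBC8ACC564 -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/10/28 07:53:26 | 00,021,560 | ---- | M] () MD5 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/10/28 07:53:26 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
""".strip().splitlines()


def parse_line(line):
    """Parse one OTL scan line into a dict, or return None for any other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "size": int(m["size"].replace(",", "")),
        "company": m["company"].strip(),
        "md5": m["md5"].upper() if m["md5"] else None,
        "path": m["path"],
        "name": PureWindowsPath(m["path"]).name.lower(),
    }


def is_reference(path):
    """True if the path is one of Windows' stored copies rather than the live one."""
    return any(part.lower() in REFERENCE_DIRS for part in PureWindowsPath(path).parts)


def audit(lines):
    """Return {live_path: [reasons]} for live copies that disagree with the stored copies.

    A live copy is flagged when OTL could not hash it, when it carries no
    company/version resource, or when its hash or size matches none of the
    stored copies of the same file name.
    """
    groups = defaultdict(lambda: {"live": [], "ref": []})
    for line in lines:
        rec = parse_line(line)
        if rec:
            groups[rec["name"]]["ref" if is_reference(rec["path"]) else "live"].append(rec)

    findings = {}
    for g in groups.values():
        ref_md5s = {r["md5"] for r in g["ref"] if r["md5"]}
        ref_sizes = {r["size"] for r in g["ref"]}
        for live in g["live"]:
            reasons = []
            if live["md5"] is None:
                reasons.append("OTL could not hash the file")
            elif ref_md5s and live["md5"] not in ref_md5s:
                reasons.append("MD5 matches no stored copy")
            if not live["company"]:
                reasons.append("no company/version resource")
            if ref_sizes and live["size"] not in ref_sizes:
                reasons.append("size %d matches no stored copy" % live["size"])
            if reasons:
                findings[live["path"]] = reasons
    return findings


def flagged_names(lines):
    """Base names (lower-cased) of the live copies audit() flagged."""
    return {PureWindowsPath(p).name.lower() for p in audit(lines)}


if __name__ == "__main__":
    for path, reasons in audit(SAMPLE_LINES).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample input the live cngaudit.dll (wrong size, wrong hash, no company) and drivers\atapi.sys (unhashable, no company) are flagged while AGP440.sys is clean, because its hash matches a DriverStore and a winsxs copy. A copy under SoftwareDistribution is a pending update and is expected to differ from the live file, so the rule only requires a match with any one stored copy. A missing company name alone is weak evidence for third-party drivers, which often ship without version resources; for a Microsoft component in System32 it is a red flag.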
Essexboy
post Nov 7 2009, 01:38 PM
Post #5


GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



That gave me sufficient information to commence a fix. This is a big fix, as I try to kill it in one go. Copy this post to a text file for reference if needed.


QUOTE
@echo off
copy C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll c:\
exit

First you will need to create the batch fix. To do that, copy and paste ALL of the above in the quote box into a notepad file.
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat

This will create a batch file

Then run fix.bat by double-clicking it. You may see a black box appear; this is normal.

THEN

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


NEXT


1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

CODE
Begin copying here:

Files to move:
C:\cngaudit.dll | C:\WINDOWS\System32\cngaudit.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

NEARLY DONE

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    PRC - [2009/10/13 06:02:19 | 00,032,838 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    PRC - [2009/10/13 06:02:19 | 00,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    PRC - [2009/10/13 06:02:19 | 00,024,688 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    SRV - [2009/10/26 14:49:05 | 02,309,520 | ---- | M] () -- c:\Program Files\Common Files\Akamai\rswin_3600.dll -- (Akamai)
    SRV - [2009/10/13 06:02:19 | 00,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKCU\..\URLSearchHook: {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files\freevideomaster\tbfree.dll File not found
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (freevideomaster Toolbar) - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files\freevideomaster\tbfree.dll File not found
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (freevideomaster Toolbar) - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files\freevideomaster\tbfree.dll File not found
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (freevideomaster Toolbar) - {01DFD24D-73EB-497F-8DFD-7EA79365AF4A} - C:\Program Files\freevideomaster\tbfree.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
    O4 - HKCU..\Run: [PopRock] C:\Users\ADMINI~1.BLU\AppData\Local\Temp\b.exe File not found
    O4 - HKCU..\Run: [sl1000] C:\Users\ADMINI~1.BLU\AppData\Local\TempImages\sl1000.exe (Verify App Ver)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab (Reg Error: Key error.)
    [2009/11/07 08:14:03 | 00,000,000 | ---- | M] () -- C:\Windows\win32k.sys
    [2009/10/10 12:56:41 | 00,000,080 | RHS- | C] () -- C:\Windows\System32\BF58954A04.dll

    :Files
    C:\Program Files\MyWebSearch
    C:\Program Files\freevideomaster

    :Commands
    [purity]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


FINALLY

Download ComboFix from any of the links below. You must rename it before saving: rename it to Gotcha before saving it to your desktop.

Link 1
Link 2


==================================


Double-click on the renamed ComboFix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



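The OTL fix above is built by reading OTL's scan output and picking the entries that stand out: autorun, BHO and service entries whose file is missing, executables launched from a Temp directory, hidden+system files dropped into System32, and processes or services with no publisher. The Python below is an added example (not part of the thread or of OTL itself) that applies those same triage rules to constructed sample lines in the shape of OTL output; the regexes and flag names are assumptions about the format, not an official parser.

```python
import re

# Constructed sample lines in the shape of OTL log entries (modelled on the
# fix script in the post above; the last line is a made-up clean control).
SAMPLE_LINES = r"""
PRC - [2009/10/13 06:02:19 | 00,032,838 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
SRV - [2009/10/26 14:49:05 | 02,309,520 | ---- | M] () -- c:\Program Files\Common Files\Akamai\rswin_3600.dll -- (Akamai)
O2 - BHO: (freevideomaster Toolbar) - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files\freevideomaster\tbfree.dll File not found
O4 - HKCU..\Run: [PopRock] C:\Users\ADMINI~1.BLU\AppData\Local\Temp\b.exe File not found
[2009/10/10 12:56:41 | 00,000,080 | RHS- | C] () -- C:\Windows\System32\BF58954A04.dll
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleVendor\app.exe (ExampleVendor)
""".strip().splitlines()

# Assumed layout of an OTL entry: a Windows path ending in an executable
# extension, a "| attrs | M/C]" timestamp block, and "(publisher) --".
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|sys|cab))", re.I)
ATTR_RE = re.compile(r"\| ([A-Z-]{4}) \| [MC]\]")
PUBLISHER_RE = re.compile(r"\] \((.*?)\) --")


def triage_otl(lines):
    """Return (flag, path) pairs for the entries a reviewer would look at first."""
    findings = []
    for line in lines:
        m = PATH_RE.search(line)
        if not m:
            continue                      # not a file-backed entry
        path = m.group(1)
        # Autorun/BHO/toolbar entry whose file is gone: a dead hook left
        # behind by removed malware, safe to clean up.
        if "file not found" in line.lower():
            findings.append(("orphan-entry", path))
        # Anything launched from a Temp directory deserves a look.
        if re.search(r"\\temp\\", path, re.I):
            findings.append(("runs-from-temp", path))
        # Attribute field such as "RHS-": hidden + system on a dropped file.
        attrs = ATTR_RE.search(line)
        if attrs and {"H", "S"} <= set(attrs.group(1)):
            findings.append(("hidden-system-file", path))
        # Running process or service with an empty publisher field.
        pub = PUBLISHER_RE.search(line)
        if pub is not None and pub.group(1) == "" and line.startswith(("PRC", "SRV")):
            findings.append(("no-publisher", path))
    return findings


if __name__ == "__main__":
    for flag, path in triage_otl(SAMPLE_LINES):
        print(f"{flag:20s} {path}")
```

A hit is only a prompt to verify the file (publisher, location, hash) before putting it in a fix; the "File not found" entries are the ones that can be removed with no risk of breaking a legitimate program.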
onkaloonka
post Nov 7 2009, 02:05 PM
Post #6


Member
Posts: 57
From: USA :)
OS: Vista home premium



Okay, first off, I still didn't get a .txt file from win32kdiag.exe.

Second off, now my computer is constantly restarting after using that Avenger program.
It has already restarted 4 times.

Well, err, doesn't look too good so far.
Essexboy
post Nov 7 2009, 02:09 PM
Post #7


GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



How far does it get before the restart, and what warnings do you get?
onkaloonka
post Nov 7 2009, 02:14 PM
Post #8


Member
Posts: 57
From: USA :)
OS: Vista home premium



Actually it just stopped restarting, will post results in 1 min:
Essexboy
post Nov 7 2009, 02:18 PM
Post #9


GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Phew! Obviously that file did not want to be moved and Avenger had to work harder.
onkaloonka
post Nov 7 2009, 02:21 PM
Post #10


Member
Posts: 57
From: USA :)
OS: Vista home premium



Okay, now it's restarting again and again using OTL.

Is that normal?
Essexboy
post Nov 7 2009, 02:27 PM
Post #11


GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Nope, it sounds like the malware is fighting back - I fear you may have a new variant. Let's see if the boot cycle ends. Are you getting warnings, or is it just rebooting?
onkaloonka
post Nov 7 2009, 02:30 PM
Post #12


Member
Posts: 57
From: USA :)
OS: Vista home premium



I'm getting a warning from Windows to save my work because it has to restart the computer.
Essexboy
post Nov 7 2009, 02:33 PM
Post #13


GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



OK, when Windows restarts keep pressing F8 - when the menu comes up, select Last Known Good.

Then move on to the renamed ComboFix step.
onkaloonka
post Nov 7 2009, 02:36 PM
Post #14


Member
Posts: 57
From: USA :)
OS: Vista home premium



Haha! OTL succeeded, wonderful, proceeding onto the steps right now.
Essexboy
post Nov 7 2009, 02:41 PM
Post #15


GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Obviously it is fighting hard, but not hard enough.