gaming account was hacked.



#1
iheartmaryjane (Member, 42 posts)
My World of Warcraft account was hacked. I'm pretty sure the password was cracked, because I think my PC is clean, but I'm still worried that there might be a keylogger hiding somewhere. Any help would be greatly appreciated. Thanks in advance.



OTL logfile created on: 6/25/2011 2:01:46 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\maxim\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 42.94% Memory free
5.09 Gb Paging File | 3.38 Gb Available in Paging File | 66.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 242.25 Gb Free Space | 81.27% Space Free | Partition Type: NTFS

Computer Name: MAXIM-E4F46F636 | User Name: maxim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\maxim\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\World of Warcraft\Wow.exe (Blizzard Entertainment)
PRC - C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\maxim\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)


========== Win32 Services (SafeList) ==========

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


========== Driver Services (SafeList) ==========

DRV - (AtcL001) -- C:\WINDOWS\system32\drivers\l151x86.sys (Atheros Communications, Inc.)
DRV - (RzSynapse) -- C:\WINDOWS\system32\drivers\RzSynapse.sys (Razer USA Ltd)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (A5AGU) -- C:\WINDOWS\system32\drivers\A5AGU.sys (D-Link Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/06/02 20:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/06/02 20:49:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1300469588375 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1303079939781 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/18 04:58:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 16:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maxim\Start Menu\Programs\Diablo II
[2011/06/23 16:24:12 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2011/06/23 16:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo II
[2011/06/23 16:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2011/06/03 17:28:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/03 12:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/06/03 12:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/06/03 12:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/06/02 20:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maxim\Application Data\DDMSettings
[2011/06/02 20:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maxim\Application Data\DivX
[2011/06/02 20:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/06/02 20:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/06/02 20:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/06/02 20:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/06/02 18:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2011/06/02 18:29:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\maxim\Recent
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 13:32:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-776561741-1801674531-1003UA.job
[2011/06/25 06:26:11 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/06/25 06:25:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 06:25:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/24 22:32:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-776561741-1801674531-1003Core.job
[2011/06/23 16:31:14 | 000,035,343 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2011/06/23 16:30:42 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/06/23 16:30:42 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/06/23 16:30:42 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/06/23 16:30:28 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\maxim\Desktop\Diablo II - Lord of Destruction.lnk
[2011/06/23 16:24:13 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2011/06/23 16:24:12 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2011/06/23 16:24:12 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2011/06/15 09:32:41 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\maxim\Desktop\Google Chrome.lnk
[2011/06/15 09:32:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\maxim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/03 17:29:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/03 13:09:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/03 13:04:39 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/06/03 12:48:15 | 000,400,846 | ---- | M] () -- C:\Documents and Settings\maxim\My Documents\IMG-20110603-00087.jpg
[2011/06/02 20:49:53 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2011/06/02 20:49:53 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\maxim\Desktop\DivX Movies.lnk
[2011/06/02 20:49:17 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2011/06/02 19:10:46 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/02 19:10:46 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/02 19:10:44 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/02 18:09:02 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/02 18:09:02 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/02 18:00:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/23 16:30:42 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/06/23 16:30:42 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/06/23 16:30:42 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/06/23 16:30:28 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\maxim\Desktop\Diablo II - Lord of Destruction.lnk
[2011/06/23 16:24:13 | 000,035,343 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/06/23 16:24:13 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2011/06/23 16:24:12 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2011/06/03 12:48:18 | 000,400,846 | ---- | C] () -- C:\Documents and Settings\maxim\My Documents\IMG-20110603-00087.jpg
[2011/06/02 20:49:53 | 000,001,447 | ---- | C] () -- C:\Documents and Settings\maxim\Desktop\DivX Movies.lnk
[2011/06/02 20:49:17 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2011/06/02 20:48:58 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2011/06/02 19:10:29 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/02 18:56:47 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2011/06/02 18:00:39 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/22 00:20:43 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/22 00:20:38 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/22 00:20:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/19 13:40:06 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\maxim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/17 18:35:14 | 000,122,771 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2011/04/17 18:35:14 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2011/03/23 21:30:30 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/18 05:26:25 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/18 05:21:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/18 05:07:22 | 000,155,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2011/03/18 05:00:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/18 04:56:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/17 18:34:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/17 18:32:04 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/20 10:15:04 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/03/18 05:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/19 13:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/05/19 13:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maxim\Application Data\.ABC
[2011/05/22 00:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maxim\Application Data\CheckPoint
[2011/06/02 20:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maxim\Application Data\DDMSettings
[2011/05/19 13:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\maxim\Application Data\Research In Motion

========== Purity Check ==========



< End of report >

#2
iheartmaryjane (Topic Starter, Member, 42 posts)
Posted in the waiting room.

#3
emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello iheartmaryjane,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using ComboFix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat. http://www.appremove...ed-applications

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#4
iheartmaryjane (Topic Starter, Member, 42 posts)
ComboFix 11-07-01.01 - maxim 07/01/2011 18:55:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.1319 [GMT -4:00]
Running from: c:\documents and settings\maxim\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Steam\Steam.exe
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-06-29 21:13 . 2011-06-29 21:13 -------- d-----w- c:\program files\Common Files\Steam
2011-06-29 21:13 . 2011-07-01 23:00 -------- d-----w- c:\program files\Steam
2011-06-23 20:30 . 2011-06-23 20:30 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2011-06-23 20:30 . 2011-06-23 20:30 17212 ----a-w- c:\windows\system32\SIntf32.dll
2011-06-23 20:30 . 2011-06-23 20:30 12067 ----a-w- c:\windows\system32\SIntf16.dll
2011-06-23 20:24 . 2011-06-23 20:24 94208 ----a-w- c:\windows\DIIUnin.exe
2011-06-23 20:24 . 2011-06-23 20:24 2829 ----a-w- c:\windows\DIIUnin.pif
2011-06-23 20:17 . 2011-06-23 21:34 -------- d-----w- c:\program files\Diablo II
2011-06-03 16:59 . 2011-06-03 16:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-06-03 16:59 . 2011-06-03 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-06-03 00:50 . 2011-06-03 00:50 -------- d-----w- c:\documents and settings\maxim\Application Data\DDMSettings
2011-06-03 00:48 . 2011-06-03 00:48 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-06-03 00:48 . 2011-06-03 00:49 -------- d-----w- c:\program files\DivX
2011-06-03 00:47 . 2011-06-03 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-06-02 23:10 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-02 23:10 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-02 22:56 . 2003-06-25 20:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2011-06-02 22:30 . 2011-06-02 22:30 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2011-04-08 02:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2011-04-08 02:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-04-08 02:15 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2011-04-08 02:15 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-05-22 04:44 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2011-04-08 02:15 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-04-08 02:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2011-03-18 09:28 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-03-18 09:28 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-03-18 09:28 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-05-22 04:44 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2011-05-22 04:44 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2011-05-22 04:44 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2011-05-22 04:44 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-25 06:09 . 2011-03-18 09:28 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-17 22:18 . 2007-11-01 12:56 36864 ----a-w- c:\windows\system32\drivers\l151x86.sys
2011-04-12 19:29 . 2011-04-12 19:29 428416 ----a-w- c:\windows\system32\RzMwApi.dll
2011-04-12 17:31 . 2011-04-12 17:31 507904 ----a-r- c:\windows\system32\btwapi.dll
2011-04-08 05:14 . 2011-05-22 04:44 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-05-22 04:44 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-08 05:14 . 2011-05-22 04:44 4111232 ----a-w- c:\windows\system32\nv4_disp(7).dll
2011-04-08 05:14 . 2011-05-22 04:44 4111232 ----a-w- c:\windows\system32\nv4_disp(6).dll
2011-04-08 05:14 . 2011-05-22 04:44 4111232 ----a-w- c:\windows\system32\nv4_disp(5).dll
2011-04-08 05:14 . 2011-05-22 04:44 4111232 ----a-w- c:\windows\system32\nv4_disp(4).dll
2011-04-08 05:14 . 2011-05-22 04:44 4111232 ----a-w- c:\windows\system32\nv4_disp(3).dll
2011-04-08 05:14 . 2011-05-22 04:44 2027008 ----a-w- c:\windows\system32\nvapi(6).dll
2011-04-08 05:14 . 2011-05-22 04:44 2027008 ----a-w- c:\windows\system32\nvapi(5).dll
2011-04-08 05:14 . 2011-05-22 04:44 2027008 ----a-w- c:\windows\system32\nvapi(4).dll
2011-04-08 05:14 . 2011-05-22 04:44 2027008 ----a-w- c:\windows\system32\nvapi(3).dll
2011-04-08 05:14 . 2011-05-22 04:44 2027008 ----a-w- c:\windows\system32\nvapi(2).dll
2011-04-08 02:15 . 2011-04-08 02:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-07-03 16:32 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\prototype\\prototypef.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/18/2011 5:22 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/18/2011 5:22 AM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/18/2011 5:22 AM 19544]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/22/2011 12:45 AM 2214504]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [11/1/2007 8:56 AM 36864]
R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [4/20/2011 7:23 PM 103424]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [3/18/2011 5:07 AM 386784]
S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [3/18/2011 6:39 PM 19020]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-776561741-1801674531-1003Core.job
- c:\documents and settings\maxim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-18 09:11]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-776561741-1801674531-1003UA.job
- c:\documents and settings\maxim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-18 09:11]
.
.
------- Supplementary Scan -------
.
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 64.71.255.198
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
AddRemove-Steam App 10150 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-01 19:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-01 19:03:47
ComboFix-quarantined-files.txt 2011-07-01 23:03
.
Pre-Run: 251,279,224,832 bytes free
Post-Run: 251,418,841,088 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 904B22013C857D9E51898C6E19E0C79E



Thanks for helping me.

#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again iheartmaryjane,

Not looking too bad.

Now

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Next

  • Double click on the OTL icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP 
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

So when you return please post
  • aswMBR log
  • OTL log


#6
iheartmaryjane

    Member

  • Topic Starter
  • 42 posts
ASWMBR log
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-02 12:56:45
-----------------------------
12:56:45.265 OS Version: Windows 5.1.2600 Service Pack 3
12:56:45.265 Number of processors: 2 586 0x1706
12:56:45.265 ComputerName: MAXIM-E4F46F636 UserName: maxim
12:56:45.968 Initialize success
12:56:46.078 AVAST engine defs: 11070200
12:57:39.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
12:57:39.609 Disk 0 Vendor: WDC_WD3200AAKS-75B3A0 01.03A01 Size: 305245MB BusType: 3
12:57:41.625 Disk 0 MBR read successfully
12:57:41.625 Disk 0 MBR scan
12:57:41.625 Disk 0 Windows XP default MBR code
12:57:43.625 Disk 0 scanning sectors +625121280
12:57:43.656 Disk 0 scanning C:\WINDOWS\system32\drivers
12:57:47.984 Service scanning
12:57:48.890 Disk 0 trace - called modules:
12:57:48.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:57:48.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a63bab8]
12:57:48.890 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8a664a98]
12:57:48.890 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-9[0x8a689940]
12:57:49.687 AVAST engine scan C:\WINDOWS
13:04:42.125 AVAST engine scan C:\Documents and Settings\maxim
13:07:09.734 AVAST engine scan C:\Documents and Settings\All Users
13:09:58.828 Scan finished successfully
13:13:54.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\maxim\Desktop\MBR.dat"
13:13:54.484 The log file has been saved successfully to "C:\Documents and Settings\maxim\Desktop\aswMBR.txt"

OTL log

OTL logfile created on: 7/2/2011 1:25:36 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\maxim\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 80.74% Memory free
5.09 Gb Paging File | 4.62 Gb Available in Paging File | 90.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 234.07 Gb Free Space | 78.53% Space Free | Partition Type: NTFS

Computer Name: MAXIM-E4F46F636 | User Name: maxim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\maxim\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\maxim\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)


========== Win32 Services (SafeList) ==========

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


========== Driver Services (SafeList) ==========

DRV - (AtcL001) -- C:\WINDOWS\system32\drivers\l151x86.sys (Atheros Communications, Inc.)
DRV - (RzSynapse) -- C:\WINDOWS\system32\drivers\RzSynapse.sys (Razer USA Ltd)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (A5AGU) -- C:\WINDOWS\system32\drivers\A5AGU.sys (D-Link Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/06/02 20:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/06/02 20:49:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/01 19:01:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1300469588375 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1303079939781 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/18 04:58:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 18:54:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/01 18:53:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/01 18:53:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/01 18:53:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/01 18:53:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/01 18:52:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/01 18:52:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/01 18:52:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\maxim\Start Menu\Programs\Administrative Tools
[2011/06/29 19:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maxim\My Documents\Prototype
[2011/06/29 19:28:45 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/06/29 19:28:45 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/06/29 19:28:45 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/06/29 19:28:44 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/06/29 19:28:44 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/06/29 19:28:44 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/06/29 19:28:44 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/06/29 19:28:43 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/06/29 19:28:43 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011/06/29 19:28:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/06/29 19:28:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/06/29 19:28:43 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011/06/29 19:28:42 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/06/29 19:28:42 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/06/29 19:28:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/06/29 19:28:42 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/06/29 19:28:42 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/06/29 19:28:41 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/06/29 19:28:41 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/06/29 19:28:41 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/06/29 19:28:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/06/29 19:28:40 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/06/29 19:28:40 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/06/29 19:28:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/06/29 19:28:40 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/06/29 19:28:39 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/06/29 19:28:39 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2011/06/29 19:28:39 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2011/06/29 19:28:38 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2011/06/29 19:28:38 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/06/29 19:28:38 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2011/06/29 19:28:37 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/06/29 19:28:37 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2011/06/29 19:28:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2011/06/29 19:28:37 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2011/06/29 19:28:37 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/06/29 19:28:36 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/06/29 19:28:36 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2011/06/29 19:28:36 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2011/06/29 19:28:36 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/06/29 19:28:35 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2011/06/29 19:28:34 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2011/06/29 19:28:34 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2011/06/29 19:28:33 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2011/06/29 19:28:33 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/06/29 19:28:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2011/06/29 19:28:33 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2011/06/29 19:28:32 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/06/29 19:28:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2011/06/29 19:28:32 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2011/06/29 19:28:32 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2011/06/29 19:28:32 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2011/06/29 19:28:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2011/06/29 19:28:31 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2011/06/29 19:28:31 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2011/06/29 19:28:25 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2011/06/29 19:28:25 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2011/06/29 19:28:25 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2011/06/29 19:28:25 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2011/06/29 19:28:24 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2011/06/29 19:28:24 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2011/06/29 19:28:24 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2011/06/29 19:28:23 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/06/29 19:28:23 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/06/29 19:28:21 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2011/06/29 19:28:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/06/29 17:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maxim\Start Menu\Programs\Steam
[2011/06/29 17:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/06/29 17:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/06/29 17:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2011/06/23 16:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maxim\Start Menu\Programs\Diablo II
[2011/06/23 16:24:12 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2011/06/23 16:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diablo II
[2011/06/23 16:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2011/06/03 17:28:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/03 12:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/06/03 12:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/06/03 12:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/06/02 20:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maxim\Application Data\DDMSettings
[2011/06/02 20:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\maxim\Application Data\DivX
[2011/06/02 20:49:06 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/06/02 20:49:06 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/06/02 20:49:05 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/06/02 20:49:05 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/06/02 20:49:05 | 000,567,792 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/06/02 20:49:05 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/06/02 20:49:05 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/06/02 20:49:05 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/06/02 20:49:05 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2011/06/02 20:49:05 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2011/06/02 20:49:05 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/06/02 20:49:05 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/06/02 20:49:05 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/06/02 20:49:05 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/06/02 20:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/06/02 20:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/06/02 20:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/06/02 20:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/06/02 19:10:29 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/06/02 19:10:29 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/06/02 18:56:48 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2011/06/02 18:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2011/06/02 18:29:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\maxim\Recent
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/02 13:13:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\maxim\Desktop\MBR.dat
[2011/07/02 12:54:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/02 12:54:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/02 00:32:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-776561741-1801674531-1003UA.job
[2011/07/01 22:32:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-776561741-1801674531-1003Core.job
[2011/07/01 19:57:20 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/07/01 19:01:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/01 18:54:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/30 17:33:16 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\maxim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/30 17:33:15 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\maxim\Desktop\Google Chrome.lnk
[2011/06/29 19:38:45 | 000,274,212 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/29 19:38:45 | 000,274,212 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/29 19:38:45 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/29 17:35:43 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\maxim\Desktop\Prototype.url
[2011/06/29 17:13:13 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/23 16:31:14 | 000,035,343 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2011/06/23 16:30:42 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/06/23 16:30:42 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/06/23 16:30:42 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/06/23 16:30:28 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\maxim\Desktop\Diablo II - Lord of Destruction.lnk
[2011/06/23 16:24:13 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2011/06/23 16:24:12 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2011/06/23 16:24:12 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2011/06/03 17:29:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/03 13:09:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/03 13:04:39 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/06/03 12:48:15 | 000,400,846 | ---- | M] () -- C:\Documents and Settings\maxim\My Documents\IMG-20110603-00087.jpg
[2011/06/02 20:49:53 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2011/06/02 20:49:53 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\maxim\Desktop\DivX Movies.lnk
[2011/06/02 20:49:17 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2011/06/02 18:09:02 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/02 18:09:02 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/02 18:00:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/02 13:13:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\maxim\Desktop\MBR.dat
[2011/07/01 18:54:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/01 18:54:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/01 18:53:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/01 18:53:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/01 18:53:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/01 18:53:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/01 18:53:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/29 17:35:43 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\maxim\Desktop\Prototype.url
[2011/06/29 17:13:13 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/06/23 16:30:42 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/06/23 16:30:42 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/06/23 16:30:42 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/06/23 16:30:28 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\maxim\Desktop\Diablo II - Lord of Destruction.lnk
[2011/06/23 16:24:13 | 000,035,343 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/06/23 16:24:13 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2011/06/23 16:24:12 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2011/06/03 12:48:18 | 000,400,846 | ---- | C] () -- C:\Documents and Settings\maxim\My Documents\IMG-20110603-00087.jpg
[2011/06/02 20:49:53 | 000,001,447 | ---- | C] () -- C:\Documents and Settings\maxim\Desktop\DivX Movies.lnk
[2011/06/02 20:49:17 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2011/06/02 20:48:58 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2011/06/02 19:10:29 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/02 18:56:47 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2011/06/02 18:00:39 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/22 00:20:43 | 000,274,212 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/22 00:20:38 | 000,274,212 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/22 00:20:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/19 13:40:06 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\maxim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/17 18:35:14 | 000,122,771 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2011/04/17 18:35:14 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2011/03/23 21:30:30 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/18 05:26:25 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/18 05:21:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/18 05:07:22 | 000,155,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2011/03/18 05:00:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/18 04:56:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/17 18:34:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/17 18:32:04 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/20 10:15:04 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/03/18 04:58:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/06/03 17:29:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/01 18:54:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/07/01 19:03:49 | 000,011,108 | ---- | M] () -- C:\ComboFix.txt
[2011/03/18 04:58:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/03/18 04:58:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/18 04:58:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/02 12:54:12 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/03/17 18:31:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2011/03/17 18:31:03 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2011/03/17 18:31:03 | 000,946,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/14 08:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/14 08:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< End of report >

#7
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again iheartmaryjane,

It all looks pretty good to me. Just a couple of final bits to do then we will go to clearing away the tools we have been using.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    
    :Commands
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Please run a free online scan with BitDefender Online Scanner

Note: these instructions were compiled using Firefox. IE users may find slight differences... just follow the prompts.

  • Click the green Start Scanner button
  • Click the green Free Scan Now button
  • Accept the plug in installation
  • Restart your browser if requested
  • Click the green Free Scan Now button again
  • Accept the EULA agreement
  • The scan should start. It will be relatively quick.
  • Click View Report (note: this is not the Facebook one - just click on the words View Report)
  • Notepad will open with a log
  • Save to your desktop
  • Copy and paste the report back here
When you return please post
  • OTL fix log
  • BitDefender scan results


#8
iheartmaryjane


    Member

  • Topic Starter
  • 42 posts
Posting OTL log, going to post BitDefender log in a bit. Woke up with emails on my phone from BlackBerry saying I have to reset my BlackBerry ID because of too many failed log-on attempts. So someone is trying to mess with me, and doing it through my phone?


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: maxim
->Temp folder emptied: 1289 bytes
->Temporary Internet Files folder emptied: 1011655 bytes
->Google Chrome cache emptied: 361778235 bytes
->Flash cache emptied: 12500 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 346.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: maxim
->Flash cache emptied: 0 bytes

User: NetworkService

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 07032011_062432

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

BitDefender logs


QuickScan Beta 32-bit v0.9.9.97
-------------------------------
Scan date: Sun Jul 03 06:31:31 2011
Machine ID: 405BAE68



No infection found.
-------------------



Processes
---------
avast! Antivirus 1488 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
avast! Antivirus 3036 C:\Program Files\AVAST Software\Avast\AvastUI.exe
Bluetooth Software 1976 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Bluetooth Software 3888 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Bluetooth Software 3996 C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
DivX Update 3356 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
Google Chrome 4020 C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 2900 C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 2536 C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 1240 C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 1304 C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 2296 C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 2288 C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Microsoft® Windows® Operating System 2832 C:\WINDOWS\NOTEPAD.EXE
Microsoft® Windows® Operating System 164 C:\WINDOWS\system32\spoolsv.exe
NVIDIA Driver Helper Service, Version 2 1252 C:\WINDOWS\system32\nvsvc32.exe
NVIDIA nTune 1136 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
NVIDIA Update Components 1272 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Razer Naga Systray 3308 C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
Realtek HD Audio Sound Effect Manager 3280 C:\WINDOWS\RTHDCPL.EXE
RIMBBLaunchAgent 3316 C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
Skype 3460 C:\Program Files\Skype\Phone\Skype.exe
Steam 3832 C:\Program Files\Steam\Steam.exe
Windows Live Messenger 3384 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(verified) Microsoft® Windows® Operating System 480 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2336 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 744 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 824 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 3332 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 812 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 460 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1188 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1044 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 748 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1100 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1400 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1376 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1332 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 2944 C:\WINDOWS\system32\wuauclt.exe
(verified) Microsoft® Windows® Operating System 1784 C:\WINDOWS\system32\wuauclt.exe


Network activity
----------------
Process chrome.exe (1304) connected on port 443 (HTTP over SSL) --> 209.85.225.132
Process chrome.exe (1304) connected on port 443 (HTTP over SSL) --> 209.85.225.95
Process chrome.exe (1304) connected on port 443 (HTTP over SSL) --> 74.125.91.103
Process chrome.exe (1304) connected on port 443 (HTTP over SSL) --> 209.85.225.96
Process chrome.exe (1304) connected on port 443 (HTTP over SSL) --> 74.125.226.43
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 69.171.224.14
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 74.125.226.66
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.168
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 74.125.226.90
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.138
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.201
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 66.235.142.2
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 74.125.226.64
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.201
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 74.217.252.37
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.160
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 74.125.226.57
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 69.171.228.13
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 209.85.225.96
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.184
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 184.25.67.167
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.178
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.168
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.168
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 74.125.226.33
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 209.85.225.95
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 23.1.79.139
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.168
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.153
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 209.85.225.95
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.168
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 74.125.226.41
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 209.85.225.95
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.168
Process AvastSvc.exe (1488) connected on port 80 (HTTP) --> 64.71.251.136

Process svchost.exe (1044) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
NVIDIA Media Center Library C:\WINDOWS\system32\NvMCTray.dll
nwiz.exe C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
Razer Naga Systray C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
RIMBBLaunchAgent C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
Skype C:\Program Files\Skype\Phone\Skype.exe
Steam C:\Program Files\Steam\Steam.exe
Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
(verified) Google Update C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll


Browser plugins
---------------
avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll
BitDefender QuickScan C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.97_0\npqscan.dll
DivX VOD Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
DivX Web Player c:\program files\divx\divx plus web player\npdivx32.dll
Google Update C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
NPWebSLLauncher.dll C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
Skype Toolbars C:\Documents and Settings\maxim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Scan
----
MD5: c720f2a93d592398c646bd34d913af1a C:\Program Files\Steam\bin\icudt42.dll
MD5: b142049e9396815bbce2d3821a465001 C:\Program Files\Steam\bin\libcef.dll
MD5: 8327485395caf7a7644f8352526eca4e C:\Program Files\Steam\bin\steamservice.dll
MD5: dde84dce9e74e9ebdc4d4c5565ca969d C:\Program Files\Steam\bin\vgui2.dll
MD5: 87a1d7863dabdfb8973cd158c48868f1 C:\Program Files\Steam\crashhandler.dll
MD5: 173c217e677c4b0c4f8a6d54ba13bf9b C:\Program Files\Steam\CSERHelper.dll
MD5: a7532e66ea2f168a0970e829d8986423 C:\Program Files\Steam\DbgHelp.dll
MD5: ee57221080201c9a9b974b77b36f2758 C:\Program Files\Steam\Steam.dll
MD5: 3dd25048297a24ab4b3bfc17aba5d0db C:\Program Files\Steam\Steam.exe
MD5: e08b4e496ed41f54840a314b89b2b7eb C:\Program Files\Steam\steamclient.dll
MD5: a1377d10ac41df2e8bc5617a82240fc2 C:\Program Files\Steam\SteamUI.dll
MD5: c3e5f9dba4d2eedb6685c5f421796787 C:\Program Files\Steam\tier0_s.dll
MD5: fb7ba5924487934ee35f5ab686c8febf C:\Program Files\Steam\vstdlib_s.dll
MD5: b90635b00d3d4d6ea8c21ccaf35be55e C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
MD5: 17d93369a6e4b422393cf4c529dfcca8 C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll
MD5: f8897bedeccbd0f1fe0fd284b42745af C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MD5: 9dd35aabb07b4df43d4411c44d697544 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
MD5: 6f4f94d196fc59867eab9602518a59b4 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
MD5: 9dd35aabb07b4df43d4411c44d697544 C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 5e28284f9b5f9097640d58a73d38ad4c C:\WINDOWS\NOTEPAD.EXE
MD5: 9dd414590e695ea208139c23db8a5aa3 C:\WINDOWS\nvoclock.sys
MD5: 8d6c32d982dc380287d446de1d166e48 C:\WINDOWS\RTHDCPL.EXE
MD5: 2ec58f700bdcea908e250a57f19e7e99 C:\WINDOWS\system32\BROWSEUI.dll
MD5: d94bc4ea0146add2c456666cf54463d0 C:\WINDOWS\system32\BtAudioHelper.dll
MD5: 60260abae92294de020aa2d15d041b7d C:\WINDOWS\system32\bthcrp.dll
MD5: ed9c3c2457b4d850951b42ca1f3935a8 C:\WINDOWS\system32\btins.dll
MD5: 87cbc94839880b35a88782e65a6ead14 C:\WINDOWS\system32\btmmhook.dll
MD5: 043e49bc424d8170665ecacb9fe84d0d C:\WINDOWS\system32\btncopy.dll
MD5: 3613d0bc0abdeaef3f4a65e53c62ac3f C:\WINDOWS\system32\btosif.dll
MD5: 2fb5083d34c0b31837dd3cf909fdbf0d C:\WINDOWS\system32\btosif_notes.dll
MD5: 25be7c1e2a3492d36f5cbdbfdf51af7c C:\WINDOWS\system32\btosif_ol.dll
MD5: 6060f5fab436f558708fe2f0a58f8211 C:\WINDOWS\system32\btosif_olx.dll
MD5: 32f3b398e224209ee8934c0268808810 C:\WINDOWS\system32\btrez.dll
MD5: ff08a8448627e5060f8f4234e5d1fd7d C:\WINDOWS\system32\btwhidcs.DLL
MD5: cbfcf10c088307d4b66fbbaf685c7e06 C:\WINDOWS\system32\btwicons.dll
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll
MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll
MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 304d8a51672c760f5d92d73652e8fbfc C:\WINDOWS\system32\DRIVERS\A5AGU.sys
MD5: 7618d5218f2a614672ec61a80d854a37 C:\WINDOWS\System32\drivers\afd.sys
MD5: d6407b9a012205e5754866e145165c29 C:\WINDOWS\system32\drivers\btaudio.sys
MD5: 75130181fa2fd6cbe83083c5311abe78 C:\WINDOWS\system32\DRIVERS\btkrnl.sys
MD5: 2f9f111d31aa3fbbe5781d829a4524e6 C:\WINDOWS\system32\DRIVERS\btport.sys
MD5: c51d50cf24da69a9c499e65b0edb3bb7 C:\WINDOWS\system32\DRIVERS\btwhid.sys
MD5: 1166cb501e1c34750a91600579efeab3 C:\WINDOWS\System32\Drivers\btwusb.sys
MD5: d03d10f7ded688fecf50f8fbf1ea9b8a C:\WINDOWS\system32\DRIVERS\HPZid412.sys
MD5: 89f41658929393487b6b7d13c8528ce3 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
MD5: 0907a12341e56dda7b22f8fd116a981d C:\WINDOWS\system32\DRIVERS\l151x86.sys
MD5: 0ea4d8ed179b75f8afa7998ba22285ca C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 8b2c874897ea498da012284e12f9db2b C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
MD5: a1e70b8354d52aeb3cb49568c7c0a2ff C:\WINDOWS\System32\Drivers\Razerlow.sys
MD5: 616eac1b0e48b236a5a9b8ae07fdb81c C:\WINDOWS\System32\Drivers\RimUsb.sys
MD5: a30685283f90ae02f1cd50972c6065e3 C:\WINDOWS\system32\drivers\RtkHDAud.sys
MD5: 2e2f0d988f6d46e5e5e84d9fcad39081 C:\WINDOWS\system32\DRIVERS\RzSynapse.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 57e51c6347165622c69d456b96b1eb46 C:\WINDOWS\system32\dxdiagn.dll
MD5: 8548696301e03f146cb58725f21a07b6 C:\WINDOWS\system32\easyUpdatusAPIU.dll
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: 77ebf3e9386daa51551af429052d88d0 C:\WINDOWS\system32\giveio.sys
MD5: 51c6d8bfbd4ea5b62a1ba7f4469250d3 c:\windows\system32\hpzinw12.dll
MD5: 79834aa2fbf9fe81eebb229024f6f7fc c:\windows\system32\hpzipm12.dll
MD5: 3183bfa7bdf50662f9094bc720eb7af9 C:\WINDOWS\system32\hpzll5ha.dll
MD5: effd64260143b0118d456ec6971f08bd C:\WINDOWS\system32\ieframe.dll
MD5: b8eb7f71695bd146bf4385aa5f57cbce C:\WINDOWS\system32\iertutil.dll
MD5: e106233b925adbe99cb26d548fc98def C:\WINDOWS\system32\inetcomm.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL
MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\WINDOWS\system32\MFC71.DLL
MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: c7e39ea41233e9f5b86c8da3a9f1e4a8 C:\WINDOWS\system32\mspmsnsv.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\System32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 88c6248a56de8c6517fddc285ae5d0fb C:\WINDOWS\system32\nvapi.dll
MD5: d8db2ce1577859840d08e526bd80fd54 C:\WINDOWS\system32\NvCpl.dll
MD5: e8ded21534a07e50d092dd513ff6a3a9 C:\WINDOWS\system32\NvMCTray.dll
MD5: 32f7dec3729b3bae66eebcab7b03b18f C:\WINDOWS\system32\nvsvc32.exe
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: a05d21b8bbc4c9537634e4704aa93d51 C:\WINDOWS\system32\RzMwApi.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll
MD5: b253efb7d828007f4a17ca240e809a70 C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 5d6401db90ec81b71f8e2c5c8f0fef23 C:\WINDOWS\system32\speedfan.sys
MD5: d0e39177c896d2f8191a9c96636276df C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5ha.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 6a3c6e768ff117d30fa148e9ad81db0f C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: e827d9322e2bb1fc056c58bc363c410b C:\WINDOWS\system32\wbtapi.dll
MD5: 990248d5fc079af7bbe21199e60ef4da C:\WINDOWS\system32\webcheck.dll
MD5: 01b75cd90cc0896731fdeb9e30cd4883 C:\WINDOWS\system32\WidcommSdk.dll
MD5: 2f7a5408260cd0d3d2e916f811e166f5 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll
MD5: 9eefe69139fdbb4a3c327630f8eb993a C:\WINDOWS\system32\wlanapi.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: e0b432f20fa54fa689949ac6dbc4c4ab C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\MSVCP90.dll
MD5: 355fe68a41ec27c2a3d1a6e86a582820 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\MSVCR90.dll
MD5: bcfbef2f71c2eb0a23fa54a3ed314e78 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
MD5: 2e8746b581358e8035791c00115b7e88 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\MFC90ENU.DLL
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.02 MB sent, 0.81 KB recvd
Scanned 608 files and modules - 16 seconds

==============================================================================

Edited by iheartmaryjane, 03 July 2011 - 04:39 AM.

  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello iheartmaryjane,

I think your machine is clean.

As far as further ways to secure your computer are concerned, the Avast anti-virus program you already have gives you good protection, but one thing you might consider is an anti-keylogger program.

If a keylogger is software based, a good free anti-keylogger program is IHateKeyloggers. While I understand it can't block screen capture, when tested, it was found to block commercial keystroke logging software. It won't remove the keylogger software, but it will block the keystroke from being logged.

http://dewasoft.com/...-keyloggers.htm

KeyScrambler is very good as well, although I don't know whether it works with the latest IE & Firefox browser versions.

http://www.qfxsoftwa...d/whats-new.htm

If you're afraid of keylogging passwords, a password program like Password Corral or Password Vault could be an option for you.

As far as your Blackberry is concerned, my understanding is (I don't own one) that Blackberry phones are pretty secure to start with, but if you suspect yours is being hacked then I would contact Blackberry for information on what can be done to enhance your security.

The link below will take you to some applications that might help.

Blackberry security apps.

Now

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

The aswMBR folder/files can be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:

---------------------------------------------------------------------------------------------------------------------

To reduce the amount of fragmentation in your machine's file system, occasionally run a defragmenter utility. You can use your built-in program (Start > Programs > Accessories > System Tools > Disk Defragmenter) or alternatively here is a program you can download and use: Puran Disc Defragmenter

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browsers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

For further protection if you don't already have one, consider installing a firewall

A firewall is essential to help prevent hackers from infiltrating your computer.

Here are two good firewalls free for personal use:

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Have a safe and happy computing day!
  • 0
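One way to confirm that the Internet Explorer ActiveX settings from the steps above actually took effect, as an added example that is not part of the original post. It assumes PowerShell is installed (it is not present by default on Windows XP); the registry value names 1001, 1004 and 1201 are the Windows URL action IDs behind the three options and do not appear in the post.

```powershell
# Added example: audit the Internet zone ActiveX settings named in the post.
# Zone 3 is the Internet zone. Value data: 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKeys = @(
    # The per-user settings written by the Internet Options dialog.
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    # If Group Policy manages the zone, its copy lives here and takes precedence.
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

# The three options from the post and the level it recommends for each.
$expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$levelNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-LevelName($value) {
    # Translate the DWORD stored in the registry into the label the dialog shows.
    if ($null -eq $value) { return 'not set' }
    if ($levelNames.ContainsKey([int]$value)) { return $levelNames[[int]$value] }
    return "unrecognised ($value)"
}

foreach ($key in $zoneKeys) {
    if (-not (Test-Path $key)) {
        Write-Output "SKIP  $key (key not present)"
        continue
    }
    Write-Output "Checking $key"
    $zone = Get-ItemProperty -Path $key
    foreach ($e in $expected) {
        $id     = $e.Id
        $actual = $zone.$id          # $null when the value does not exist in this key
        if ($null -eq $actual) {
            Write-Output ("  INFO  {0}: not set in this key" -f $e.Name)
            continue
        }
        $status = if ($actual -eq $e.Want) { 'OK  ' } else { 'WARN' }
        Write-Output ("  {0}  {1}: {2} (recommended: {3})" -f `
            $status, $e.Name, (Get-LevelName $actual), (Get-LevelName $e.Want))
    }
}
```

A `WARN` line under the policy key means the value is being set centrally, so changing it in the Internet Options dialog will not stick.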

#10
iheartmaryjane

iheartmaryjane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Thanks for the help, very professional.
  • 0

#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
You are very welcome. :)
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





