Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Redirect / PHR / Pjukya


  • This topic is locked This topic is locked

#1
ided

ided

    New Member

  • Member
  • Pip
  • 3 posts
I have just experienced issues with google redirecting as well as seeing the phr and pukya processes running. I have managed to remove the exe files and do not see them start up anymore. I did the standard Spybot S+D, virus scans, and what not. I haven't seen a redirect but I want to make sure my processes look clean before I get back into my business and banking applications. Thanks a ton in advance for your help!

EDIT --- Forgot to mention that I was seeing the re-directs in Firefox and Chrome (don't really use IE).

OTL logfile created on: 7/1/2011 8:47:33 AM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\cjxmccac\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.43% Memory free
7.92 Gb Paging File | 5.86 Gb Available in Paging File | 73.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 179.61 Gb Free Space | 63.38% Space Free | Partition Type: NTFS

Computer Name: IDZYNS-CJXMCCAC | User Name: cjxmccac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/01 08:47:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cjxmccac\Downloads\OTL.exe
PRC - [2011/06/28 17:14:22 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 10:59:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 12:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 07:54:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/23 17:34:50 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
PRC - [2011/03/23 17:34:50 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/03/09 16:21:01 | 001,073,152 | ---- | M] () -- C:\ColdFusion9\db\slserver54\bin\swsoc.exe
PRC - [2011/03/09 16:21:01 | 000,114,688 | ---- | M] () -- C:\ColdFusion9\db\slserver54\bin\swstrtr.exe
PRC - [2011/03/09 16:21:00 | 000,696,320 | ---- | M] () -- C:\ColdFusion9\db\slserver54\bin\swagent.exe
PRC - [2011/03/09 16:17:37 | 000,115,712 | ---- | M] (Acresso) -- C:\ColdFusion9\solr\solr.exe
PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/11/02 20:00:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/11 16:46:54 | 000,075,064 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2010/07/18 14:30:24 | 000,740,864 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2010/07/18 14:27:38 | 001,258,496 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 20:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/28 00:08:41 | 003,045,884 | ---- | M] (Verity, Inc.) -- C:\ColdFusion9\verity\k2\_nti40\bin\k2server.exe
PRC - [2008/04/27 22:57:32 | 001,824,388 | ---- | M] (Verity, Inc.) -- C:\ColdFusion9\verity\k2\_nti40\bin\k2index.exe
PRC - [2008/04/27 22:57:03 | 003,677,616 | ---- | M] (Verity, Inc.) -- C:\ColdFusion9\verity\k2\_nti40\bin\k2admin.exe
PRC - [2007/05/21 08:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007/04/04 23:45:12 | 000,077,824 | ---- | M] () -- C:\ColdFusion9\jnbridge\CFDotNetsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/01 08:47:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cjxmccac\Downloads\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/26 17:35:52 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/03/23 05:16:20 | 008,610,664 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/06/28 17:14:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/13 06:12:23 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/27 07:54:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/06 02:13:38 | 005,040,128 | ---- | M] () [Auto | Start_Pending] -- C:\mongodb\bin\mongod.exe -- (MongoDB)
SRV - [2011/03/23 17:34:50 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011/03/09 16:21:01 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\ColdFusion9\db\slserver54\bin\swstrtr.exe -- (ColdFusion 9 ODBC Server)
SRV - [2011/03/09 16:21:00 | 000,696,320 | ---- | M] () [Auto | Running] -- C:\ColdFusion9\db\slserver54\bin\swagent.exe -- (ColdFusion 9 ODBC Agent)
SRV - [2011/03/09 16:17:37 | 000,115,712 | ---- | M] (Acresso) [Auto | Running] -- C:\ColdFusion9\solr\solr.exe -- (CF9Solr)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/08/11 16:46:54 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/07/18 14:30:24 | 000,740,864 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/12 11:43:53 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/10 05:17:10 | 000,068,096 | ---- | M] (Macromedia Inc.) [On_Demand | Stopped] -- C:\ColdFusion9\runtime\bin\jrunsvc.exe -- (ColdFusion 9 Application Server)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/27 22:57:03 | 003,677,616 | ---- | M] (Verity, Inc.) [Auto | Running] -- C:\ColdFusion9\verity\k2\_nti40\bin\k2admin.exe -- (ColdFusion 9 Search Server)
SRV - [2007/04/04 23:45:12 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\ColdFusion9\jnbridge\CFDotNetsvc.exe -- (ColdFusion 9 .NET Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 17:14:23 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 17:14:23 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/06 17:47:18 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/18 18:53:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/23 12:15:12 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\DisplayLinkUsbPort_5.2.24075.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2010/03/23 05:16:51 | 000,185,968 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2010/03/23 05:16:51 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 21:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 04:26:10 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 20:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 01:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/11/04 10:37:28 | 000,054,816 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2008/04/01 13:33:16 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Temp/Tunebite/.downloading/profile/rrproxy_ie_4b6ca103.pac

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/17 16:28:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 10:59:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/18 14:02:26 | 000,000,000 | ---D | M]

[2010/01/28 12:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cjxmccac\AppData\Roaming\Mozilla\Extensions
[2011/06/27 16:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cjxmccac\AppData\Roaming\Mozilla\Firefox\Profiles\erf86nu4.default\extensions
[2011/06/27 15:02:33 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\cjxmccac\AppData\Roaming\Mozilla\Firefox\Profiles\erf86nu4.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/03/08 19:47:21 | 000,000,000 | ---D | M] (Firecookie) -- C:\Users\cjxmccac\AppData\Roaming\Mozilla\Firefox\Profiles\erf86nu4.default\extensions\[email protected]
[2011/03/23 18:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/19 06:41:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/24 15:52:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/09 09:24:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 14:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\CJXMCCAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ERF86NU4.DEFAULT\EXTENSIONS\[email protected]
[2011/06/24 10:59:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/19 12:48:52 | 000,106,192 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npstrlnk.dll
[2010/01/01 01:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 01:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 01:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/16 12:38:31 | 000,001,997 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.0.0.1 cjm
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3fe6ed87-65d8-11df-b817-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe6ed87-65d8-11df-b817-005056c00008}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6dfc4bfe-35c0-11df-9119-002564773b14}\Shell - "" = AutoRun
O33 - MountPoints2\{6dfc4bfe-35c0-11df-9119-002564773b14}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ceb2eb87-62f2-11df-b937-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb2eb87-62f2-11df-b937-005056c00008}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{f5ed4cbd-dbf5-11df-ba04-cde31d2ff12c}\Shell - "" = AutoRun
O33 - MountPoints2\{f5ed4cbd-dbf5-11df-ba04-cde31d2ff12c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/30 09:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ewido anti-malware
[2011/06/30 09:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/30 09:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/30 09:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/06/30 08:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/06/30 08:57:55 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/29 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\Desktop\Website Ideas
[2011/06/28 10:56:35 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Local\Pipe Mania
[2011/06/28 10:53:49 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Roaming\Opera
[2011/06/28 10:53:49 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Local\Opera
[2011/06/28 10:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011/06/27 10:36:59 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\ProtegeSports
[2011/06/22 14:02:54 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\Desktop\test
[2011/06/16 16:23:05 | 000,000,000 | ---D | C] -- C:\mongodb
[2011/06/16 14:05:15 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Roaming\DonationCoder
[2011/06/16 14:05:14 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\Documents\DonationCoder
[2011/06/16 14:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/06/16 14:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011/06/16 14:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\URLSnooper2
[2011/06/16 14:01:23 | 000,000,000 | ---D | C] -- C:\rtmpdump-2.3
[2011/06/14 07:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/14 07:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/10 22:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/06/01 11:10:30 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Roaming\com.amazon.music.uploader
[2011/06/01 11:10:13 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\Documents\Amazon MP3 Uploader
[2011/06/01 11:10:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2009/12/12 11:19:05 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\cjxmccac\AppData\Roaming\DataSafeDotNet.exe
[7 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/01 08:48:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 08:48:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 08:42:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 08:41:57 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\Ifdayx.job
[2011/07/01 08:41:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 08:41:28 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/30 10:44:29 | 000,000,036 | ---- | M] () -- C:\Users\cjxmccac\AppData\Local\housecall.guid.cache
[2011/06/30 10:38:06 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/30 09:31:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2908030762-2616769476-3972435295-1001UA.job
[2011/06/30 09:31:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2908030762-2616769476-3972435295-1001Core.job
[2011/06/30 09:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/30 09:01:39 | 000,001,248 | ---- | M] () -- C:\Users\cjxmccac\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/30 09:01:39 | 000,001,224 | ---- | M] () -- C:\Users\cjxmccac\Desktop\Spybot - Search & Destroy.lnk
[2011/06/30 08:57:55 | 000,002,991 | ---- | M] () -- C:\Users\cjxmccac\Desktop\HiJackThis.lnk
[2011/06/30 08:49:56 | 000,155,648 | RHS- | M] () -- C:\Windows\SysWow64\C_13612.dll
[2011/06/30 08:06:00 | 000,000,893 | ---- | M] () -- C:\Users\cjxmccac\.Xauthority
[2011/06/29 19:04:55 | 388,453,359 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/29 08:59:02 | 000,002,016 | ---- | M] () -- C:\Users\cjxmccac\Documents\Default.rdp
[2011/06/28 17:14:23 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/06/28 17:14:23 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/06/28 15:51:52 | 105,701,376 | ---- | M] () -- C:\Users\cjxmccac\Desktop\parasitology.mdb
[2011/06/28 11:03:02 | 000,001,256 | ---- | M] () -- C:\Users\cjxmccac\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/28 09:19:44 | 000,009,484 | ---- | M] () -- C:\Users\cjxmccac\Desktop\new_bathtub.jpg
[2011/06/28 09:19:44 | 000,001,456 | ---- | M] () -- C:\Users\cjxmccac\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/27 16:00:02 | 000,034,208 | ---- | M] () -- C:\Users\cjxmccac\Desktop\BrowserWars.jpg
[2011/06/26 17:32:34 | 000,737,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/26 17:32:34 | 000,149,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/20 14:39:08 | 000,000,600 | ---- | M] () -- C:\Users\cjxmccac\AppData\Local\PUTTY.RND
[2011/06/16 16:12:16 | 000,045,056 | ---- | M] (Macromedia Inc.) -- C:\Windows\SysNative\cfperfmon_9.dll
[2011/06/16 14:05:15 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2011/06/16 10:26:27 | 000,051,734 | ---- | M] () -- C:\Users\cjxmccac\Documents\cc_20110616_102619.reg
[2011/06/15 09:57:14 | 005,055,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/15 09:08:06 | 000,904,994 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/14 07:37:55 | 000,279,258 | ---- | M] () -- C:\Users\cjxmccac\Documents\cc_20110614_073746.reg
[2011/06/14 07:37:23 | 398,528,244 | ---- | M] () -- C:\Users\cjxmccac\Documents\backup_6_14_2010.reg
[2011/06/08 16:27:09 | 000,000,132 | ---- | M] () -- C:\Users\cjxmccac\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/06/08 10:30:58 | 000,001,199 | ---- | M] () -- C:\Users\cjxmccac\Desktop\SQL-Missing-Index-Analysis.sql
[2011/06/07 16:17:25 | 000,001,337 | ---- | M] () -- C:\Users\cjxmccac\Desktop\Parasite-Patient-Migrate.sql
[2011/06/07 14:26:51 | 000,000,580 | ---- | M] () -- C:\Users\cjxmccac\Desktop\Parasite-Doctor-Migrate.sql
[2011/06/07 08:28:33 | 000,000,331 | ---- | M] () -- C:\Users\cjxmccac\Desktop\cvb-registration-clear.sql
[7 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/30 10:44:29 | 000,000,036 | ---- | C] () -- C:\Users\cjxmccac\AppData\Local\housecall.guid.cache
[2011/06/30 10:33:22 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/30 09:01:39 | 000,001,248 | ---- | C] () -- C:\Users\cjxmccac\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/30 09:01:39 | 000,001,224 | ---- | C] () -- C:\Users\cjxmccac\Desktop\Spybot - Search & Destroy.lnk
[2011/06/30 08:57:55 | 000,002,991 | ---- | C] () -- C:\Users\cjxmccac\Desktop\HiJackThis.lnk
[2011/06/30 08:49:57 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\Ifdayx.job
[2011/06/30 08:49:56 | 000,155,648 | RHS- | C] () -- C:\Windows\SysWow64\C_13612.dll
[2011/06/29 19:04:55 | 388,453,359 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/28 10:56:36 | 000,002,036 | ---- | C] () -- C:\Users\cjxmccac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pipe Mania.lnk
[2011/06/28 09:19:44 | 000,009,484 | ---- | C] () -- C:\Users\cjxmccac\Desktop\new_bathtub.jpg
[2011/06/27 16:00:01 | 000,034,208 | ---- | C] () -- C:\Users\cjxmccac\Desktop\BrowserWars.jpg
[2011/06/24 09:51:29 | 105,701,376 | ---- | C] () -- C:\Users\cjxmccac\Desktop\parasitology.mdb
[2011/06/18 14:02:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/16 14:05:15 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2011/06/16 10:26:22 | 000,051,734 | ---- | C] () -- C:\Users\cjxmccac\Documents\cc_20110616_102619.reg
[2011/06/14 07:37:49 | 000,279,258 | ---- | C] () -- C:\Users\cjxmccac\Documents\cc_20110614_073746.reg
[2011/06/14 07:36:43 | 398,528,244 | ---- | C] () -- C:\Users\cjxmccac\Documents\backup_6_14_2010.reg
[2011/06/08 16:27:09 | 000,000,132 | ---- | C] () -- C:\Users\cjxmccac\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/06/08 10:30:58 | 000,001,199 | ---- | C] () -- C:\Users\cjxmccac\Desktop\SQL-Missing-Index-Analysis.sql
[2011/06/07 16:17:24 | 000,001,337 | ---- | C] () -- C:\Users\cjxmccac\Desktop\Parasite-Patient-Migrate.sql
[2011/06/07 14:26:51 | 000,000,580 | ---- | C] () -- C:\Users\cjxmccac\Desktop\Parasite-Doctor-Migrate.sql
[2011/06/01 11:10:10 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon MP3 Uploader.lnk
[2011/01/18 10:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2011/01/18 10:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2010/12/03 11:14:50 | 000,002,534 | ---- | C] () -- C:\Windows\SysWow64\gdi64z.sys
[2010/10/08 16:17:07 | 000,001,456 | ---- | C] () -- C:\Users\cjxmccac\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/16 20:08:55 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/07/14 10:37:53 | 000,001,182 | ---- | C] () -- C:\Windows\xp32i.dat
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/05/24 12:54:00 | 000,000,600 | ---- | C] () -- C:\Users\cjxmccac\AppData\Local\PUTTY.RND
[2010/04/10 14:58:19 | 000,877,748 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/05 15:19:42 | 000,000,044 | ---- | C] () -- C:\Windows\MSYS.INI
[2010/03/28 20:48:23 | 000,033,533 | ---- | C] () -- C:\Windows\SysWow64\CoreVorbis-uninstall.exe
[2010/03/28 20:48:20 | 000,036,734 | ---- | C] () -- C:\Windows\SysWow64\OggDSuninst.exe
[2010/03/28 20:30:59 | 000,000,565 | ---- | C] () -- C:\Users\cjxmccac\AppData\Roaming\AutoGK.ini
[2010/03/28 20:13:44 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/03/28 20:13:44 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/07 12:14:55 | 000,000,550 | ---- | C] () -- C:\Windows\eReg.dat
[2010/01/28 12:25:31 | 000,214,720 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/01/28 12:25:20 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/01/28 12:25:20 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/01/27 14:56:27 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009/12/12 11:33:17 | 000,007,592 | ---- | C] () -- C:\Users\cjxmccac\AppData\Local\Resmon.ResmonCfg
[2009/12/12 11:18:10 | 000,002,154 | ---- | C] () -- C:\Users\cjxmccac\AppData\Roaming\install.dat
[2009/12/06 10:10:14 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/06 10:10:13 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/06 10:10:13 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/06 10:10:11 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/11/11 04:37:18 | 002,542,458 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002/10/06 11:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002/10/04 16:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002/10/04 16:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

========== LOP Check ==========

[2010/08/14 10:26:00 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\abgx360
[2010/09/16 11:02:18 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Autodesk
[2011/06/14 07:33:33 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Azureus
[2010/01/14 09:20:31 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Canon
[2011/06/01 11:10:30 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\com.amazon.music.uploader
[2010/05/18 20:03:39 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\DAEMON Tools Lite
[2011/06/16 14:05:15 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\DonationCoder
[2011/06/30 08:02:48 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\FileZilla
[2010/10/08 08:58:43 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\gtk-2.0
[2011/06/26 17:28:48 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\HLSW
[2011/05/31 14:08:09 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\IrfanView
[2010/08/16 19:26:40 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\LolClient
[2010/01/17 15:33:02 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Notepad++
[2011/06/28 10:56:40 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Opera
[2010/10/08 15:51:24 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/03/30 08:12:46 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Trillian
[2010/05/24 11:42:00 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Western Digital
[2011/05/26 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\X-Chat 2
[2011/07/01 08:41:57 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\Ifdayx.job
[2010/05/18 21:29:49 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/30 10:38:06 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:C7DEC6B7

< End of report >



**************************
EXTRAS LOG
**************************

OTL Extras logfile created on: 7/1/2011 8:47:33 AM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\cjxmccac\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.43% Memory free
7.92 Gb Paging File | 5.86 Gb Available in Paging File | 73.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 179.61 Gb Free Space | 63.38% Space Free | Partition Type: NTFS

Computer Name: IDZYNS-CJXMCCAC | User Name: cjxmccac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Users\cjxmccac\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Users\cjxmccac\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\cjxmccac\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\cjxmccac\AppData\Local\Aptana Studio 2.0\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D6BDD859-D458-4554-94E9-B9E2EE4AC399}" = DisplayLink Core Software
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe ColdFusion 9" = Adobe ColdFusion 9
"Adobe ColdFusion 9 .NET Integration Services" = Adobe ColdFusion 9 .NET Integration Services
"Adobe ColdFusion 9 Solr Service" = Adobe ColdFusion 9 Solr Service
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{186F10A7-0E42-79F5-D965-5A1FCC19000F}" = Adobe Community Help
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 24
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB350BD-4E66-80B7-CDD4-1E60BE13A1D2}" = PSS_Notifications
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{503F62C9-99C2-376A-9B74-AB03E7CDB980}" = Google Talk Plugin
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7F1477EB-0DFE-424E-909A-DFEE5AFEF101}" = OpenVPN Connect
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85135177-3D68-45CB-89A1-519C51113D8C}" = AUM Language Resource
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86AFBE3F-97EB-4651-9F24-6E3C33833C20}" = Cisco ASDM Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{944E0AD7-61FA-436D-85B5-EF6F7D3BB24B}" = AUM Core
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}" = Amazon MP3 Uploader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9EA080BC-DDC5-4D17-A60E-56E4E67E6B41}" = Adobe Setup
"{A15CCD0A-4435-35B2-27E5-22DCB30EA13D}" = WebCam
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A90B6EFD-08F4-4450-A283-C236ED396D35}" = AAMInstaller
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E65DB47B-A11A-4963-8642-AD8A44635B76}" = Adobe Anchor Service
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA4BF139-4D09-462E-B4AF-E89C640224C0}" = Quake Live Internet Explorer Plugin
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"8461-7759-5462-8226" = Vuze
"abgx360" = abgx360 v1.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_9002797fb59cafdc5cd19d059881017" = Adobe Anchor Service
"AppInventor Setup" = AppInventor Setup
"Aptana Studio 2.0" = Aptana Studio 2.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.example.PSSNotifications" = PSS_Notifications
"com.adobe.example.WebCam" = WebCam
"com.amazon.music.uploader" = Amazon MP3 Uploader
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.0
"FileZilla Server" = FileZilla Server (remove only)
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"IrfanView" = IrfanView (remove only)
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Notepad++" = Notepad++
"nxclient_is1" = NX Client for Windows 3.4.0-7
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UltraISO_is1" = UltraISO V7.62 ME
"Uninstall Adobe ColdFusion Builder 2" = Adobe ColdFusion Builder 2
"Uninstall Adobe ColdFusion Builder Plugins" = Adobe ColdFusion Builder Plugins
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 1.1.10
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Draw 4 App" = Draw 4 App
"Google Chrome" = Google Chrome
"Pipe Mania" = Pipe Mania
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2011 7:32:41 PM | Computer Name = idzyns-cjxmccac | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/17/2011 7:33:47 PM | Computer Name = idzyns-cjxmccac | Source = Application Error | ID = 1000
Description = Faulting application name: mongod.exe, version: 0.0.0.0, time stamp:
0x4d9c0491 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7c8f9 Exception code: 0xc0000008 Fault offset: 0x00000000000cd7d8 Faulting process
id: 0x18c Faulting application start time: 0x01cc2d46c6a2b0bc Faulting application
path: C:\mongodb\bin\mongod.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 3f1fde70-993a-11e0-90aa-005056c00008

Error - 6/18/2011 7:33:21 PM | Computer Name = idzyns-cjxmccac | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/19/2011 7:33:38 PM | Computer Name = idzyns-cjxmccac | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/20/2011 4:08:26 PM | Computer Name = idzyns-cjxmccac | Source = ColdFusion 9 Application Server | ID = 65793
Description = The ColdFusion 9 Application Server service was terminated. Check
the server "coldfusion" log files for more informatio

Error - 6/20/2011 7:34:06 PM | Computer Name = idzyns-cjxmccac | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/21/2011 7:34:24 PM | Computer Name = idzyns-cjxmccac | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/22/2011 7:34:42 PM | Computer Name = idzyns-cjxmccac | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/23/2011 7:35:00 PM | Computer Name = idzyns-cjxmccac | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/24/2011 7:35:18 PM | Computer Name = idzyns-cjxmccac | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 1/12/2010 10:49:57 AM | Computer Name = idzyns-cjxmccac | Source = MCUpdate | ID = 0
Description = 7:49:57 AM - Error connecting to the internet. 7:49:57 AM - Unable
to contact server..

Error - 1/12/2010 10:50:07 AM | Computer Name = idzyns-cjxmccac | Source = MCUpdate | ID = 0
Description = 7:50:02 AM - Error connecting to the internet. 7:50:02 AM - Unable
to contact server..

Error - 2/10/2010 11:22:34 AM | Computer Name = idzyns-cjxmccac | Source = MCUpdate | ID = 0
Description = 8:22:33 AM - Error connecting to the internet. 8:22:33 AM - Unable
to contact server..

Error - 2/10/2010 11:22:46 AM | Computer Name = idzyns-cjxmccac | Source = MCUpdate | ID = 0
Description = 8:22:39 AM - Error connecting to the internet. 8:22:39 AM - Unable
to contact server..

[ OSession Events ]
Error - 1/4/2010 1:14:13 PM | Computer Name = idzyns-cjxmccac | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 445
seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/5/2010 6:10:41 PM | Computer Name = idzyns-cjxmccac | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4257
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/1/2011 11:54:18 AM | Computer Name = idzyns-cjxmccac | Source = Service Control Manager | ID = 7031
Description = The Mongo DB service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 7/1/2011 11:54:18 AM | Computer Name = idzyns-cjxmccac | Source = Service Control Manager | ID = 7031
Description = The Mongo DB service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 7/1/2011 11:54:18 AM | Computer Name = idzyns-cjxmccac | Source = Service Control Manager | ID = 7031
Description = The Mongo DB service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 7/1/2011 11:54:18 AM | Computer Name = idzyns-cjxmccac | Source = Service Control Manager | ID = 7031
Description = The Mongo DB service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 7/1/2011 11:54:18 AM | Computer Name = idzyns-cjxmccac | Source = Service Control Manager | ID = 7031
Description = The Mongo DB service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 7/1/2011 11:54:18 AM | Computer Name = idzyns-cjxmccac | Source = Service Control Manager | ID = 7031
Description = The Mongo DB service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 7/1/2011 11:54:18 AM | Computer Name = idzyns-cjxmccac | Source = Service Control Manager | ID = 7031
Description = The Mongo DB service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 7/1/2011 11:54:18 AM | Computer Name = idzyns-cjxmccac | Source = Service Control Manager | ID = 7031
Description = The Mongo DB service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 7/1/2011 11:54:18 AM | Computer Name = idzyns-cjxmccac | Source = Service Control Manager | ID = 7031
Description = The Mongo DB service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 7/1/2011 11:54:18 AM | Computer Name = idzyns-cjxmccac | Source = Service Control Manager | ID = 7031
Description = The Mongo DB service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.


< End of report >

Edited by ided, 01 July 2011 - 09:59 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could you confirm that you are no longer getting redirected

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/01 08:41:57 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\Ifdayx.job
    [2011/06/30 10:38:06 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#3
ided

ided

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you for the quick reply! At the time I posted the logs I _was_ still being redirected it turns out. Since then, I have run the OTL settings you provided and executed the ComboFix program that I had located in another thread. Directly below this is my Malwarebytes' log file and below that I will put the result of my ComboFix log. After executing these items and rebooting I haven't been redirected thus far. I'm just very nervous to do any kind of banking activity (as expected).


******************************
BEGIN MALWAREBYTES QUICK SCAN LOG
******************************

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6998

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/1/2011 1:34:57 PM
mbam-log-2011-07-01 (13-34-57).txt

Scan type: Quick scan
Objects scanned: 214149
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\R4B1ZAOPF5 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






******************************
BEGIN COMBOFIX LOG
******************************
ComboFix 11-06-30.05 - cjxmccac 07/01/2011 9:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2109 [GMT -7:00]
Running from: c:\users\cjxmccac\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\cjxmccac\AppData\Roaming\Install.dat
c:\users\cjxmccac\Documents\backup_6_14_2010.reg
c:\users\cjxmccac\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-07-01 17:59 . 2011-07-01 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-01 17:59 . 2011-07-01 17:59 -------- d-----w- c:\users\cjxmccac2\AppData\Local\temp
2011-07-01 17:59 . 2011-07-01 17:59 -------- d-----w- c:\users\Administrator.idzyns-cjxmccac\AppData\Local\temp
2011-07-01 16:04 . 2011-07-01 16:04 -------- d-----w- C:\_OTL
2011-06-30 16:14 . 2011-06-30 17:49 -------- d-----w- c:\program files (x86)\ewido anti-malware
2011-06-30 16:01 . 2011-07-01 16:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-06-30 16:01 . 2011-07-01 16:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-30 15:57 . 2011-06-30 17:57 -------- d-----w- c:\program files (x86)\Trend Micro
2011-06-30 15:57 . 2011-06-30 15:57 388096 ----a-r- c:\users\cjxmccac\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-30 15:49 . 2011-06-30 15:49 155648 --sha-r- c:\windows\SysWow64\C_13612.dll
2011-06-28 17:56 . 2011-06-28 17:56 -------- d-----w- c:\users\cjxmccac\AppData\Local\Pipe Mania
2011-06-28 17:53 . 2011-06-28 17:56 -------- d-----w- c:\users\cjxmccac\AppData\Local\Opera
2011-06-28 17:53 . 2011-06-28 18:03 -------- d-----w- c:\program files (x86)\Opera
2011-06-27 17:36 . 2011-06-27 17:39 -------- d-----w- c:\users\cjxmccac\ProtegeSports
2011-06-24 17:59 . 2011-06-24 17:59 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 17:59 . 2011-06-24 17:59 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-16 23:23 . 2011-06-17 18:07 -------- d-----w- C:\mongodb
2011-06-16 21:05 . 2011-06-16 21:05 -------- d-----w- c:\users\cjxmccac\AppData\Roaming\DonationCoder
2011-06-16 21:04 . 2011-06-16 21:05 -------- d-----w- c:\program files (x86)\WinPcap
2011-06-16 21:04 . 2011-06-27 00:31 -------- d-----w- c:\program files (x86)\URLSnooper2
2011-06-16 21:01 . 2011-06-16 21:02 -------- d-----w- C:\rtmpdump-2.3
2011-06-15 19:51 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-15 15:43 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 15:43 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 15:43 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 15:43 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 15:43 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 15:43 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 15:43 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 15:43 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 15:43 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 15:43 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 15:43 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 15:43 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 15:43 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-14 14:26 . 2011-06-14 14:26 -------- d-----w- c:\program files\CCleaner
2011-06-06 19:55 . 2011-06-06 19:55 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-06 19:55 . 2011-06-06 19:55 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 19:55 . 2011-06-06 19:55 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-01 18:10 . 2011-06-01 18:10 -------- d-----w- c:\users\cjxmccac\AppData\Roaming\com.amazon.music.uploader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 00:14 . 2010-04-05 03:11 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-29 00:14 . 2010-01-04 03:06 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-16 23:12 . 2011-02-11 17:06 45056 ----a-w- c:\windows\system32\cfperfmon_9.dll
2011-06-15 16:32 . 2011-05-23 20:15 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-15 00:02 . 2011-05-23 20:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-04-12 20:01 . 2011-04-12 20:01 52632 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-04-09 07:02 . 2011-05-10 18:37 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-10 18:37 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-10 18:37 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-10 18:37 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 06:00 . 2011-04-09 06:00 465920 ----a-w- c:\windows\system32\itpcoin815.dll
2011-04-09 05:56 . 2011-05-10 18:37 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-17 22:45 2355224 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2010-07-18 1258496]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OpenVPN Connect.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe [2011-3-23 33280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
2;2 MongoDB;Mongo DB;c:\mongodb\bin\mongod.exe [x]
R2 Bacula-fd;Bacula File Service;c:\program files\Bacula\bacula-fd.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;c:\coldfusion9\jnbridge\CFDotNetsvc.exe [2007-04-05 77824]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-03-24 24064]
R3 ColdFusion 9 Application Server;ColdFusion 9 Application Server;c:\coldfusion9\runtime\bin\jrunsvc.exe [2009-09-10 68096]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.24075.0.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-27 1030600]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 CF9Solr;ColdFusion 9 Solr Service;c:\coldfusion9\solr\solr.exe [2011-03-09 115712]
S2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;c:\coldfusion9\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [x]
S2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;c:\coldfusion9\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [x]
S2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;c:\coldfusion9\verity\k2\_nti40\bin\k2admin.exe [2008-04-28 3677616]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-03-23 8610664]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 23:32 8192 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-04 19:13]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-04 19:13]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2908030762-2616769476-3972435295-1001Core.job
- c:\users\cjxmccac\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-12 18:20]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2908030762-2616769476-3972435295-1001UA.job
- c:\users\cjxmccac\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-12 18:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1 205.171.3.65
FF - ProfilePath - c:\users\cjxmccac\AppData\Roaming\Mozilla\Firefox\Profiles\erf86nu4.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-99800254.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-CoreVorbis Audio Decoder - c:\windows\system32\CoreVorbis-uninstall.exe
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2908030762-2616769476-3972435295-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*C*h*e*m*i*e"\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2908030762-2616769476-3972435295-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*R*`$\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\coldfusion9\db\slserver54\bin\swagent.exe
c:\coldfusion9\db\slserver54\bin\swstrtr.exe
c:\coldfusion9\db\slserver54\bin\swsoc.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\coldfusion9\verity\k2\_nti40\bin\k2server.exe
c:\coldfusion9\verity\k2\_nti40\bin\k2index.exe
.
**************************************************************************
.
Completion time: 2011-07-01 11:39:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-01 18:39
.
Pre-Run: 192,948,137,984 bytes free
Post-Run: 207,224,934,400 bytes free
.
- - End Of File - - DF03C7DEB4153FD04D3B47CF2954C320
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There was no need to run combofix, but no matter

What problems do you have at the moment ?

The malware was in these two files

C:\Windows\tasks\Ifdayx.job
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

  • 0

#5
ided

ided

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

There was no need to run combofix, but no matter

What problems do you have at the moment ?

The malware was in these two files

C:\Windows\tasks\Ifdayx.job
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job


I had already ran the combofix prior to your post so I figured I'd go ahead and just slap the log up there anyways. My fault though, I missed the sentence to re-post my OTL logs after running the commands you provided me with. As of right now redirects appear to be fixed and I'm not seeing any unexpected behaviour. If you think the log below looks good then I'll go ahead and resume more normal computing. Thanks a lot for your response and assistance.

**************************************
BEGIN OTL LOG
**************************************

OTL logfile created on: 7/1/2011 1:49:34 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\cjxmccac\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 49.02% Memory free
7.92 Gb Paging File | 5.40 Gb Available in Paging File | 68.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 200.35 Gb Free Space | 70.70% Space Free | Partition Type: NTFS

Computer Name: IDZYNS-CJXMCCAC | User Name: cjxmccac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/01 08:47:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cjxmccac\Downloads\OTL.exe
PRC - [2011/06/28 17:14:22 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 10:59:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 12:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/27 07:54:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/05 19:53:47 | 000,059,040 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe ColdFusion Builder 2\CFBuilder.exe
PRC - [2011/03/23 17:34:50 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
PRC - [2011/03/23 17:34:50 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2011/03/09 16:21:01 | 001,073,152 | ---- | M] () -- C:\ColdFusion9\db\slserver54\bin\swsoc.exe
PRC - [2011/03/09 16:21:01 | 000,114,688 | ---- | M] () -- C:\ColdFusion9\db\slserver54\bin\swstrtr.exe
PRC - [2011/03/09 16:21:00 | 000,696,320 | ---- | M] () -- C:\ColdFusion9\db\slserver54\bin\swagent.exe
PRC - [2011/03/09 16:17:37 | 000,115,712 | ---- | M] (Acresso) -- C:\ColdFusion9\solr\solr.exe
PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/11/02 20:00:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/11 16:46:54 | 000,075,064 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2010/07/18 14:30:24 | 000,740,864 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 20:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/28 00:08:41 | 003,045,884 | ---- | M] (Verity, Inc.) -- C:\ColdFusion9\verity\k2\_nti40\bin\k2server.exe
PRC - [2008/04/27 22:57:32 | 001,824,388 | ---- | M] (Verity, Inc.) -- C:\ColdFusion9\verity\k2\_nti40\bin\k2index.exe
PRC - [2008/04/27 22:57:03 | 003,677,616 | ---- | M] (Verity, Inc.) -- C:\ColdFusion9\verity\k2\_nti40\bin\k2admin.exe
PRC - [2007/05/21 08:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007/04/04 23:45:12 | 000,077,824 | ---- | M] () -- C:\ColdFusion9\jnbridge\CFDotNetsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/01 08:47:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\cjxmccac\Downloads\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/26 17:35:52 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/03/23 05:16:20 | 008,610,664 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/06/28 17:14:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/13 06:12:23 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/27 07:54:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/06 02:13:38 | 005,040,128 | ---- | M] () [Auto | Start_Pending] -- C:\mongodb\bin\mongod.exe -- (MongoDB)
SRV - [2011/03/23 17:34:50 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011/03/09 16:21:01 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\ColdFusion9\db\slserver54\bin\swstrtr.exe -- (ColdFusion 9 ODBC Server)
SRV - [2011/03/09 16:21:00 | 000,696,320 | ---- | M] () [Auto | Running] -- C:\ColdFusion9\db\slserver54\bin\swagent.exe -- (ColdFusion 9 ODBC Agent)
SRV - [2011/03/09 16:17:37 | 000,115,712 | ---- | M] (Acresso) [Auto | Running] -- C:\ColdFusion9\solr\solr.exe -- (CF9Solr)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/08/11 16:46:54 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/07/18 14:30:24 | 000,740,864 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/12 11:43:53 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/10 05:17:10 | 000,068,096 | ---- | M] (Macromedia Inc.) [On_Demand | Stopped] -- C:\ColdFusion9\runtime\bin\jrunsvc.exe -- (ColdFusion 9 Application Server)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/27 22:57:03 | 003,677,616 | ---- | M] (Verity, Inc.) [Auto | Running] -- C:\ColdFusion9\verity\k2\_nti40\bin\k2admin.exe -- (ColdFusion 9 Search Server)
SRV - [2007/04/04 23:45:12 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\ColdFusion9\jnbridge\CFDotNetsvc.exe -- (ColdFusion 9 .NET Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 17:14:23 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 17:14:23 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/06 17:47:18 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/03/23 12:15:12 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\DisplayLinkUsbPort_5.2.24075.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2010/03/23 05:16:51 | 000,185,968 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2010/03/23 05:16:51 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 21:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 04:26:10 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 20:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 01:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/11/04 10:37:28 | 000,054,816 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2008/04/01 13:33:16 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/17 16:28:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/24 10:59:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/18 14:02:26 | 000,000,000 | ---D | M]

[2010/01/28 12:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cjxmccac\AppData\Roaming\Mozilla\Extensions
[2011/07/01 13:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cjxmccac\AppData\Roaming\Mozilla\Firefox\Profiles\erf86nu4.default\extensions
[2011/06/27 15:02:33 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\cjxmccac\AppData\Roaming\Mozilla\Firefox\Profiles\erf86nu4.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/03/08 19:47:21 | 000,000,000 | ---D | M] (Firecookie) -- C:\Users\cjxmccac\AppData\Roaming\Mozilla\Firefox\Profiles\erf86nu4.default\extensions\[email protected]
[2011/03/23 18:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/19 06:41:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/24 15:52:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/09 09:24:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 14:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\CJXMCCAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ERF86NU4.DEFAULT\EXTENSIONS\[email protected]
[2011/06/24 10:59:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/19 12:48:52 | 000,106,192 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npstrlnk.dll
[2010/01/01 01:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 01:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 01:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/01 13:25:49 | 000,000,148 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.94.0.1 client.openvpn.net
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 13:29:32 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Roaming\Malwarebytes
[2011/07/01 13:29:26 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/01 13:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/01 13:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/01 13:29:21 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/01 13:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/01 13:25:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/01 09:27:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/01 09:27:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/01 09:27:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/01 09:27:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/01 09:25:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/01 09:04:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/01 09:03:34 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\cjxmccac\Desktop\TDSSKiller.exe
[2011/06/30 09:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ewido anti-malware
[2011/06/30 09:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/30 09:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/06/30 08:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/06/30 08:57:55 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/29 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\Desktop\Website Ideas
[2011/06/28 10:56:35 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Local\Pipe Mania
[2011/06/28 10:53:49 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Roaming\Opera
[2011/06/28 10:53:49 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Local\Opera
[2011/06/28 10:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011/06/27 10:36:59 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\ProtegeSports
[2011/06/22 14:02:54 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\Desktop\test
[2011/06/16 16:23:05 | 000,000,000 | ---D | C] -- C:\mongodb
[2011/06/16 14:05:15 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\AppData\Roaming\DonationCoder
[2011/06/16 14:05:14 | 000,000,000 | ---D | C] -- C:\Users\cjxmccac\Documents\DonationCoder
[2011/06/16 14:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/06/16 14:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011/06/16 14:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\URLSnooper2
[2011/06/16 14:01:23 | 000,000,000 | ---D | C] -- C:\rtmpdump-2.3
[2011/06/14 07:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/14 07:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/10 22:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2009/12/12 11:19:05 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\cjxmccac\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/07/01 13:45:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 13:45:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 13:37:22 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 13:37:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 13:36:56 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 13:31:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2908030762-2616769476-3972435295-1001UA.job
[2011/07/01 13:29:26 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 13:26:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/01 13:25:49 | 000,000,148 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/01 09:31:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2908030762-2616769476-3972435295-1001Core.job
[2011/06/30 10:44:29 | 000,000,036 | ---- | M] () -- C:\Users\cjxmccac\AppData\Local\housecall.guid.cache
[2011/06/30 08:57:55 | 000,002,991 | ---- | M] () -- C:\Users\cjxmccac\Desktop\HiJackThis.lnk
[2011/06/30 08:49:56 | 000,155,648 | RHS- | M] () -- C:\Windows\SysWow64\C_13612.dll
[2011/06/30 08:06:00 | 000,000,893 | ---- | M] () -- C:\Users\cjxmccac\.Xauthority
[2011/06/29 19:04:55 | 388,453,359 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/29 08:59:02 | 000,002,016 | ---- | M] () -- C:\Users\cjxmccac\Documents\Default.rdp
[2011/06/28 17:14:23 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/06/28 17:14:23 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/06/28 15:51:52 | 105,701,376 | ---- | M] () -- C:\Users\cjxmccac\Desktop\parasitology.mdb
[2011/06/28 11:03:02 | 000,001,256 | ---- | M] () -- C:\Users\cjxmccac\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/28 09:19:44 | 000,001,456 | ---- | M] () -- C:\Users\cjxmccac\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/26 17:32:34 | 000,737,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/26 17:32:34 | 000,149,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/25 23:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/20 14:39:08 | 000,000,600 | ---- | M] () -- C:\Users\cjxmccac\AppData\Local\PUTTY.RND
[2011/06/16 16:12:16 | 000,045,056 | ---- | M] (Macromedia Inc.) -- C:\Windows\SysNative\cfperfmon_9.dll
[2011/06/16 14:05:15 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2011/06/16 10:26:27 | 000,051,734 | ---- | M] () -- C:\Users\cjxmccac\Documents\cc_20110616_102619.reg
[2011/06/15 09:57:14 | 005,055,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/15 09:08:06 | 000,904,994 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/14 07:37:55 | 000,279,258 | ---- | M] () -- C:\Users\cjxmccac\Documents\cc_20110614_073746.reg
[2011/06/08 16:27:09 | 000,000,132 | ---- | M] () -- C:\Users\cjxmccac\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/06/08 10:30:58 | 000,001,199 | ---- | M] () -- C:\Users\cjxmccac\Desktop\SQL-Missing-Index-Analysis.sql
[2011/06/07 16:17:25 | 000,001,337 | ---- | M] () -- C:\Users\cjxmccac\Desktop\Parasite-Patient-Migrate.sql
[2011/06/07 14:26:51 | 000,000,580 | ---- | M] () -- C:\Users\cjxmccac\Desktop\Parasite-Doctor-Migrate.sql
[2011/06/07 08:28:33 | 000,000,331 | ---- | M] () -- C:\Users\cjxmccac\Desktop\cvb-registration-clear.sql

========== Files Created - No Company Name ==========

[2011/07/01 13:29:26 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 09:27:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/01 09:27:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/01 09:27:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/01 09:27:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/01 09:27:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/30 10:44:29 | 000,000,036 | ---- | C] () -- C:\Users\cjxmccac\AppData\Local\housecall.guid.cache
[2011/06/30 08:57:55 | 000,002,991 | ---- | C] () -- C:\Users\cjxmccac\Desktop\HiJackThis.lnk
[2011/06/30 08:49:56 | 000,155,648 | RHS- | C] () -- C:\Windows\SysWow64\C_13612.dll
[2011/06/29 19:04:55 | 388,453,359 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/24 09:51:29 | 105,701,376 | ---- | C] () -- C:\Users\cjxmccac\Desktop\parasitology.mdb
[2011/06/18 14:02:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/16 14:05:15 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2011/06/16 10:26:22 | 000,051,734 | ---- | C] () -- C:\Users\cjxmccac\Documents\cc_20110616_102619.reg
[2011/06/14 07:37:49 | 000,279,258 | ---- | C] () -- C:\Users\cjxmccac\Documents\cc_20110614_073746.reg
[2011/06/08 16:27:09 | 000,000,132 | ---- | C] () -- C:\Users\cjxmccac\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/06/08 10:30:58 | 000,001,199 | ---- | C] () -- C:\Users\cjxmccac\Desktop\SQL-Missing-Index-Analysis.sql
[2011/06/07 16:17:24 | 000,001,337 | ---- | C] () -- C:\Users\cjxmccac\Desktop\Parasite-Patient-Migrate.sql
[2011/06/07 14:26:51 | 000,000,580 | ---- | C] () -- C:\Users\cjxmccac\Desktop\Parasite-Doctor-Migrate.sql
[2011/01/18 10:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2011/01/18 10:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2010/12/03 11:14:50 | 000,002,534 | ---- | C] () -- C:\Windows\SysWow64\gdi64z.sys
[2010/10/08 16:17:07 | 000,001,456 | ---- | C] () -- C:\Users\cjxmccac\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/16 20:08:55 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/07/14 10:37:53 | 000,001,182 | ---- | C] () -- C:\Windows\xp32i.dat
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/05/24 12:54:00 | 000,000,600 | ---- | C] () -- C:\Users\cjxmccac\AppData\Local\PUTTY.RND
[2010/04/10 14:58:19 | 000,877,748 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/05 15:19:42 | 000,000,044 | ---- | C] () -- C:\Windows\MSYS.INI
[2010/03/28 20:48:23 | 000,033,533 | ---- | C] () -- C:\Windows\SysWow64\CoreVorbis-uninstall.exe
[2010/03/28 20:48:20 | 000,036,734 | ---- | C] () -- C:\Windows\SysWow64\OggDSuninst.exe
[2010/03/28 20:30:59 | 000,000,565 | ---- | C] () -- C:\Users\cjxmccac\AppData\Roaming\AutoGK.ini
[2010/03/28 20:13:44 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/03/28 20:13:44 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/07 12:14:55 | 000,000,550 | ---- | C] () -- C:\Windows\eReg.dat
[2010/01/28 12:25:31 | 000,214,720 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/01/28 12:25:20 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/01/28 12:25:20 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/01/27 14:56:27 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009/12/12 11:33:17 | 000,007,592 | ---- | C] () -- C:\Users\cjxmccac\AppData\Local\Resmon.ResmonCfg
[2009/12/06 10:10:14 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/06 10:10:13 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/06 10:10:13 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/06 10:10:11 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/11/11 04:37:18 | 002,542,458 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002/10/06 11:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002/10/04 16:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002/10/04 16:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

========== LOP Check ==========

[2010/08/14 10:26:00 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\abgx360
[2010/09/16 11:02:18 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Autodesk
[2011/06/14 07:33:33 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Azureus
[2010/01/14 09:20:31 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Canon
[2011/06/01 11:10:30 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\com.amazon.music.uploader
[2010/05/18 20:03:39 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\DAEMON Tools Lite
[2011/06/16 14:05:15 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\DonationCoder
[2011/06/30 08:02:48 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\FileZilla
[2010/10/08 08:58:43 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\gtk-2.0
[2011/06/26 17:28:48 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\HLSW
[2011/05/31 14:08:09 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\IrfanView
[2010/08/16 19:26:40 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\LolClient
[2010/01/17 15:33:02 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Notepad++
[2011/06/28 10:56:40 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Opera
[2010/10/08 15:51:24 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/03/30 08:12:46 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Trillian
[2010/05/24 11:42:00 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\Western Digital
[2011/05/26 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\cjxmccac\AppData\Roaming\X-Chat 2
[2010/05/18 21:29:49 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:C7DEC6B7

< End of report >
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
All three logs look good :yes:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.

    Posted Image

  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup an select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP