
"Privacy Protection" Malware HELP! [Closed] [Solved]



#1
flaming321

Just before, I was streaming videos from VideoBB and then suddenly a pop-up came up which turned off all my programs and anti-virus screen showed up saying I was infected. I tried to open other programs to find out what it was and nothing was working and it kept forcing my programs to crash and I began freaking out. I tried restarting my computer and the same thing would happen. I finally went into system restore and restored to 2 days' time before it stopped. Can someone help me get rid of this problem? Please help me before it comes back.



OTL logfile created on: 11/21/2011 1:11:50 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Harry\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 56.39% Memory free
5.19 Gb Paging File | 4.07 Gb Available in Paging File | 78.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 322.64 Gb Free Space | 54.12% Space Free | Partition Type: NTFS

Computer Name: HARRY-PC | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 01:11:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
PRC - [2011/10/04 20:21:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/02 07:46:00 | 000,446,328 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/05/05 07:58:24 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2010/05/05 07:58:21 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxebcoms.exe
PRC - [2010/04/14 14:55:54 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxebserv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/06 16:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/16 21:23:22 | 000,255,400 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2011/11/07 20:00:20 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 20:24:39 | 000,030,056 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsdone.dll
MOD - [2011/11/02 20:09:20 | 000,034,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsstatistic.dll
MOD - [2011/10/04 20:21:04 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/26 07:00:30 | 000,547,688 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2011/08/22 04:50:24 | 000,143,720 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\kernel\FWUpnp.dll
MOD - [2010/06/13 16:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/05/05 07:58:24 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2010/05/05 07:58:21 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxebdatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEBsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEBsm.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/11 20:40:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxebcoms.exe -- (lxeb_device)
SRV - [2010/04/14 14:55:54 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 16:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 16:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/11/21 01:09:11 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F5C9505-9C41-4999-A154-CDA8AF4CCC5F}\MpKsl628d9f03.sys -- (MpKsl628d9f03)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/07/26 21:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/03/08 03:37:00 | 007,745,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/06 03:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/02/06 16:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 16:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 16:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/03 09:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 09:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/03/19 16:11:22 | 000,090,968 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Harry\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC EC 3D 61 68 CF CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 20:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/13 18:32:45 | 000,000,000 | ---D | M]

[2010/12/18 01:24:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harry\AppData\Roaming\Mozilla\Extensions
[2009/07/30 23:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/24 19:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\uymtg09i.default\extensions
[2010/12/19 16:34:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\uymtg09i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/21 01:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/14 21:30:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 15:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/15 09:31:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/21 01:05:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/04 20:21:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/12/01 22:22:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [Lexmark Pro200-S500 Series Fax Server] C:\Program Files\Lexmark Pro200-S500 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.EXE (PPLive Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CA413AD-880A-4656-BB45-7F4560B5CFE9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFE0B7ED-E733-40D2-A273-5CE669A2E5DE}: NameServer = 68.237.161.12 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 01:11:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2011/11/21 01:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/21 00:55:33 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{9A9B3EC5-FAB0-432B-91F6-339B4B96471D}
[2011/11/21 00:55:28 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{F16F5A4E-E620-4477-AED3-99F0EA4CC4AA}
[2011/11/21 00:45:54 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{AF997364-7281-4408-8251-77A9F9B6528E}
[2011/11/21 00:45:40 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{70E12970-4C70-4F68-9FC5-1F1C1889B4FA}
[2011/11/20 10:59:38 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{62B89043-01EB-4401-8C81-FDA1E5F92A2D}
[2011/11/20 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{68C7513B-690C-44EF-BFC5-542116D12D83}
[2011/11/19 12:08:53 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{84CA4219-2730-411B-B7BD-E2EF993BD358}
[2011/11/19 12:08:41 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{2F24A3BD-53E4-49CD-8784-7771A3184DC6}
[2011/11/18 19:17:58 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{4DC1A12C-BA77-41C8-889A-3005028B4B27}
[2011/11/18 19:17:57 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{384FC1B8-0267-42D3-9DA3-F5E4EB9CBDE8}
[2011/11/17 20:20:15 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{C8B7AB38-4036-48C7-9057-2A4A59E54CA3}
[2011/11/17 20:20:00 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{0A3721B9-EF05-4308-8C76-E0D4D7D58633}
[2011/11/16 21:14:23 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{AF82404B-5410-4E3D-A857-D51A92991AC0}
[2011/11/16 21:14:11 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{772C46E2-EE7F-45CB-90AA-41B95EAE251C}
[2011/11/15 20:35:08 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{1FA52BAF-4778-4D02-A178-1FB528CA401E}
[2011/11/15 20:35:00 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{FD9C0929-6105-4D0B-B4C5-F4CB3F28F4F6}
[2011/11/14 20:54:41 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{E2868CB7-F876-432F-AD83-E317AF2E0852}
[2011/11/14 20:54:39 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{5A52886B-36B8-4FEE-A52E-C9DDE519049D}
[2011/11/13 12:06:01 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{A75B8047-5E34-4369-B7DD-D49083C6642D}
[2011/11/13 12:05:56 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{A92CD9D6-DCED-4F7D-A546-3673B7E1E846}
[2011/11/12 12:08:05 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{7908A978-0870-4DFD-8A35-B2AAF0E18E22}
[2011/11/12 12:07:57 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{5F85E9F3-93CD-4109-A90D-F71F44770C01}
[2011/11/11 22:14:51 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{FB5828ED-F29F-45AD-9AD6-E7BD9C1030E0}
[2011/11/11 22:14:43 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{11A55127-54E5-43E7-B064-3C0B6A105083}
[2011/11/10 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{E63D5CAC-EB0E-48B9-9E46-1F811FF08845}
[2011/11/10 21:37:33 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{9003021D-32B4-4BA7-975C-89F86674A319}
[2011/11/10 21:19:20 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/11/10 20:49:51 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{F867663E-A8D0-4972-A1C7-EAE8BBE287CD}
[2011/11/09 23:20:19 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{BAB6148E-45DD-4408-A2ED-C65DB02671F3}
[2011/01/20 20:29:52 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxebcoin.dll
[2011/01/20 20:25:30 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEBhcp.dll
[2011/01/20 20:25:29 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxebserv.dll
[2011/01/20 20:25:29 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxebusb1.dll
[2011/01/20 20:25:29 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxebinpa.dll
[2011/01/20 20:25:29 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxebiesc.dll
[2011/01/20 20:25:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxebpmui.dll
[2011/01/20 20:25:28 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeblmpm.dll
[2011/01/20 20:25:27 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxebhbn3.dll
[2011/01/20 20:25:27 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxebih.exe
[2011/01/20 20:25:26 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxebcoms.exe
[2011/01/20 20:25:26 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxebcomm.dll
[2011/01/20 20:25:25 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxebcomc.dll
[2011/01/20 20:25:25 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxebcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/11/21 01:11:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Desktop\OTL.exe
[2011/11/21 01:09:40 | 000,384,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/21 01:09:11 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 01:09:09 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 01:08:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/21 01:08:42 | 2675,105,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 00:51:26 | 000,610,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/21 00:51:26 | 000,106,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 00:23:12 | 000,001,356 | ---- | M] () -- C:\Users\Harry\AppData\Local\d3d9caps.dat
[2011/11/18 23:49:52 | 000,001,754 | -H-- | M] () -- C:\Users\Harry\Documents\Default.rdp
[2011/11/17 23:12:55 | 000,062,601 | ---- | M] () -- C:\Users\Harry\Desktop\Untitled.jpg
[2011/11/17 23:10:07 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/29 12:46:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

========== Files Created - No Company Name ==========

[2011/11/21 00:26:30 | 2675,105,792 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/17 23:12:55 | 000,062,601 | ---- | C] () -- C:\Users\Harry\Desktop\Untitled.jpg
[2011/11/14 21:12:03 | 000,001,754 | -H-- | C] () -- C:\Users\Harry\Documents\Default.rdp
[2011/10/29 12:46:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/03/29 08:05:48 | 000,709,992 | ---- | C] () -- C:\Windows\System32\kindling.dll
[2011/01/20 20:29:57 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxebvs.dll
[2011/01/20 20:29:42 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxebgcfg.dll
[2011/01/20 20:29:40 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxebcui.dll
[2011/01/20 20:29:40 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxebcuir.dll
[2011/01/20 20:27:22 | 000,049,152 | ---- | C] () -- C:\Windows\System32\LXEBPMON.DLL
[2011/01/20 20:27:22 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXEBFXPU.DLL
[2011/01/20 20:27:02 | 004,485,120 | ---- | C] () -- C:\Windows\System32\LXEBoem.dll
[2011/01/20 20:25:45 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxebrwrd.ini
[2011/01/20 20:25:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEBinst.dll
[2011/01/20 20:25:28 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxebinsb.dll
[2011/01/20 20:25:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxebinsr.dll
[2011/01/20 20:25:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxebjswr.dll
[2011/01/20 20:25:27 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxebins.dll
[2011/01/20 20:25:27 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxebgrd.dll
[2011/01/20 20:25:27 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxebcub.dll
[2011/01/20 20:25:26 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxebcu.dll
[2011/01/20 20:25:26 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxebcur.dll
[2011/01/20 20:23:29 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEBsm.dll
[2011/01/20 20:23:29 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEBsmr.dll
[2010/12/08 19:48:43 | 000,000,192 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/12/08 19:48:00 | 000,000,018 | ---- | C] () -- C:\Windows\Epson777.ini
[2010/12/08 19:47:58 | 000,053,248 | ---- | C] () -- C:\Windows\runepson.exe
[2010/11/10 20:15:21 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2010/08/29 18:34:09 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2009/09/06 23:23:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/17 01:07:31 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/27 00:18:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/27 00:18:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/27 00:16:36 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/26 21:25:06 | 000,055,515 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/06/25 22:45:50 | 000,170,496 | ---- | C] () -- C:\Users\Harry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/25 22:19:11 | 000,001,356 | ---- | C] () -- C:\Users\Harry\AppData\Local\d3d9caps.dat
[2009/06/25 20:13:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/07 11:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 11:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/02/06 16:45:04 | 000,025,632 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/02/06 16:42:40 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2007/02/03 07:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:46:27 | 000,384,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,610,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,106,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2000/04/17 21:02:00 | 000,000,110 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT

========== LOP Check ==========

[2009/06/25 20:08:54 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\acccore
[2011/08/25 01:44:10 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\FileZilla
[2011/11/21 00:07:23 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\go
[2010/06/30 20:24:56 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\LimeWire
[2010/08/29 20:22:07 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\ooVoo Details
[2010/07/11 18:52:55 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PPLive
[2009/11/24 20:08:10 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PPLiveVA
[2010/07/11 18:48:28 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PPStream
[2011/01/20 22:30:25 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Pro200-S500 Series
[2010/05/22 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\TeamViewer
[2011/11/21 01:05:42 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 11/21/2011 1:11:50 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Harry\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 56.39% Memory free
5.19 Gb Paging File | 4.07 Gb Available in Paging File | 78.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 322.64 Gb Free Space | 54.12% Space Free | Partition Type: NTFS

Computer Name: HARRY-PC | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2202C311-2343-4F1B-9A42-A97D140B8266}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{39D6CD2C-69A6-42E3-A20A-5A5FAA23D92B}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{4AF22847-45A3-4870-9508-84D8953B564D}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{61CF9BA5-346C-44EB-A5BC-1C48AFAAA3FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A71A38AA-6BF7-4AF0-A95A-B310358BAB84}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C72245EF-6FA5-4EB9-A1B9-31C9E4AA2BBB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049D86E5-9A07-4A57-87CF-20B3D67BFDD0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{06ACD411-AE23-416B-87E5-CFD86DC1CC2B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0BFF4E02-E553-44D1-9854-6251F5FDF8A3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1155F648-7571-48E8-A491-8473D3A4B69B}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{125B9C69-8392-4664-AC93-1AE4D3CC3823}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{153F696F-8121-42F6-BB49-E927A764833F}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{16D4A330-5A72-42F3-8A5D-862857E8EBBF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{1FB5EB25-C05D-47B6-AD7C-3825E1DFBEAD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{22B1FA9B-BEBB-42C9-AA16-F663713AA156}" = protocol=6 | dir=in | app=c:\program files\ppliveva\crashupload.exe |
"{297BC80B-DFA6-4131-A9B9-E8754CED5E9A}" = protocol=6 | dir=in | app=c:\program files\lexmark pro200-s500 series\lxebfax.exe |
"{2993CB45-4AD4-4E67-B04E-4BD858280187}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{2A0F2252-A19C-4CF6-A070-589A91741B9E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{35500825-50EE-42B2-A1E0-8681EE8A962F}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
"{379C8A17-A0E7-4D26-BCA7-B9A33A06E687}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3DA945E7-F574-4071-9065-3761AD4C969E}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{3E2C5247-5CC1-45CB-A07D-1BA258ECF56B}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{3F5DF60D-BA1F-4C7D-AB39-255FFC9DD68A}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\geddochino\counter-strike\hl.exe |
"{3FA0382D-C39E-44B5-930E-3FB5D81207CF}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{3FD77F2F-C642-434C-AB22-3B4BBE6D890C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3FF3045A-B484-4A43-B8D5-FD9C15E28DF7}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
"{4448F98D-709C-4714-A763-7C52F9794427}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{49E84211-17D4-4777-8E86-A7C2246D7E42}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4CB50CDB-102F-438C-9ED9-4D200DD6940C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{51C35AE1-773B-45A8-A11E-D8AAF9C1C8B8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{54B22422-B1FE-44C4-A36D-61E5EC6740F3}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
"{5997F48A-45EC-41A0-983F-7B47517D9DB7}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\geddochino\counter-strike\hl.exe |
"{6701D9AC-2407-4738-AF12-FA5488B50B26}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6825CF51-1DA6-4EDE-A2DF-80A63B12CD1F}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{6BEE7D99-D67D-48ED-B618-B320BD31919A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D3DA5D3-6AF3-4177-B74A-383F0D9E5E9D}" = protocol=17 | dir=in | app=c:\program files\ppliveva\flvpick.exe |
"{6F98953E-39AF-4DA4-BE38-3B385DF44536}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75C79266-5D70-4FC6-A2F3-8C530133F368}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{78806AA2-C4D4-4D94-9E90-09C81E0F1108}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{7E1795A0-52FC-4FAD-95A0-41F8F896E313}" = protocol=17 | dir=in | app=c:\program files\ppliveva\crashupload.exe |
"{7F09E5BB-A2B9-4878-9BFA-5603E4696769}" = protocol=6 | dir=in | app=c:\program files\ppliveva\flvpick.exe |
"{8303E3B7-5D5E-40D3-ADD3-EB3AD7EBE6AB}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{872F25E8-27F4-49FF-830E-9C5C8EC4CBCE}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{8A094E79-17E1-4431-A338-982FC8D92B3F}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{90AAACD9-96F5-487E-AD9D-2F8403A5F234}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe |
"{924767FD-B357-4369-83F8-B713B182C626}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{9657ADAF-2E8F-431F-BA16-2BB6366D2E2B}" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"{96655EC3-2484-4E03-8792-B6E3349FCA74}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
"{9734E822-9C2D-4B4E-90EB-BB0540E35275}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{A15618A4-F706-479E-AEE6-408189C50E8B}" = protocol=17 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe |
"{A4F7CF2C-794B-4398-8F37-01E0280C0899}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
"{A7855D40-A33B-4E01-8CEA-C30D3684B801}" = protocol=6 | dir=in | app=c:\program files\ppliveva\download.exe |
"{A8F136D8-6F76-4129-BE63-DF092D187B64}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
"{AAF4F7DC-191B-43D9-B125-DAA7BAC8A67A}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{AC3C4AE7-D766-4A21-82A7-57546D8A8D6F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{B1C830A0-45A2-45E3-92A8-9597C1C6B9A4}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{BAF43518-7AC6-48FE-9CFB-9F9E0A7EA3FD}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{BD1B1D73-F668-48F4-8890-BDF223D91427}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{C3CA19F7-9A14-44A1-B9AB-0018B37445F4}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{C55A61F6-AD67-4199-8F35-1EC3B3A46528}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{CA44124A-4C16-4377-84CD-711008C567D5}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{CA89C951-6AF7-46A1-82B3-14D618B6469D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{CB9F3782-7A6C-44D6-9491-0335FF64A76F}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
"{D3448209-81A5-4E15-94CC-336C1460145D}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
"{D51C36BF-0705-4A6E-9BE2-6F3A4C2BCF11}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{D60E05C9-8013-4F65-8B7A-1DE1477E4DCC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D66F971D-85D6-4FA2-92E1-856238955303}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\xldoctor\7.1.2.2014_1\program\xldoctorui.exe |
"{D8A0BD13-3F1A-49A6-90B9-ACFBBB3EDD30}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DB46EEB3-AC1C-42E7-BB4A-E8F77A7F8D66}" = protocol=6 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe |
"{DCCEBE99-C818-4EC4-B8E8-96C108E1E33C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E02D01BD-01C8-4441-9311-823F634FAE87}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe |
"{E0F4E3D4-611C-44AE-8B54-F46C1B1BB421}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{E2129730-730F-4458-ADB5-5084B37381A7}" = protocol=17 | dir=in | app=c:\program files\lexmark pro200-s500 series\lxebfax.exe |
"{E6B92450-7469-4E03-A4B4-55CBC5B22C6B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
"{E9AC300B-21A5-4DDB-87D1-23DC2121423F}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
"{ED7002CE-7ABA-4B95-9EBC-9F3713332B2E}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\xldoctor\7.1.2.2014_1\program\xldoctorui.exe |
"{EEC863CB-1F25-4A83-872D-4DD47B4155CD}" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"{F4DBD172-E734-49F8-B471-789B059ECA2C}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{F74F9C3B-B4E1-41DF-B3B7-DF6799B00229}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{FBA77C31-AA68-44E5-BB9D-5B7737423D9B}" = protocol=17 | dir=in | app=c:\program files\ppliveva\download.exe |
"{FF63AA5A-B305-49B1-9607-47F16455C5EF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{079726BC-653E-43CF-A24C-1EC5E3716490}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{07EB6C60-336D-433C-9537-CF3B5E587C18}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1558AFD7-FFC2-4943-8E85-CA22C03DB468}C:\program files\ppliveva\ppliveva.exe" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"TCP Query User{44A14D06-A48C-43A9-9CAA-B392861B3A64}C:\program files\avant browser\avant.exe" = protocol=6 | dir=in | app=c:\program files\avant browser\avant.exe |
"TCP Query User{57AFF924-0936-4494-A2E7-83D8F1DB97CD}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{708C4C98-ABEC-4195-8568-20F957E0192E}C:\program files\szplayer\szplayer.exe" = protocol=6 | dir=in | app=c:\program files\szplayer\szplayer.exe |
"TCP Query User{77475160-521F-451B-B454-DE52C98C211C}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{91117358-75A4-4230-851B-A38F2D590638}C:\program files\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"TCP Query User{A47DFBDD-7516-4F0E-9CC2-F9B7FBF64C5C}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{C7E973B1-690F-47F2-B551-7461C8C5CAA6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DD59E9A3-D894-4866-B8D8-F731D1312465}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{F7473FB8-B809-4F30-8052-BB1A17A5E28F}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{FAD12D7C-2B43-43BB-B275-8170546E0863}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{000E929D-0238-40E3-A2EE-DD6D3419A511}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{1B04C691-0030-499D-8858-7F943016C2F6}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4D1E1843-3A81-466B-AA76-86FA751B7122}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{80CB6D10-BCC3-49C0-877A-CF46EAE4264F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8AF39BAC-E885-43C9-B3B5-5AF5E4D2D29F}C:\program files\szplayer\szplayer.exe" = protocol=17 | dir=in | app=c:\program files\szplayer\szplayer.exe |
"UDP Query User{AC60A5BC-48B0-43E4-A909-F47B7648466D}C:\program files\avant browser\avant.exe" = protocol=17 | dir=in | app=c:\program files\avant browser\avant.exe |
"UDP Query User{B869303A-F5B1-4D5A-B660-45A72DFB3676}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{BA395053-0CC0-444F-9CEA-05E6DA901CA4}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{BC19A509-C0F3-42EA-8C1D-349F66525FE1}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{C5C8ED99-FF60-462A-8F08-1225D4221874}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E3DF8318-6664-4B46-9719-61C69741D8BA}C:\program files\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"UDP Query User{E7D83213-6D56-44C4-AE71-FBF3ED6021BF}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{FBB8057E-CECE-4AF9-8487-15B38385B987}C:\program files\ppliveva\ppliveva.exe" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike™
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.3
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Garena" = Garena
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MapleStory" = MapleStory
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"PPLive" = PPTV V3.0.6.0006
"QcDrv" = Logitech® Camera Driver
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"TurboTax 2010" = TurboTax 2010
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2011 7:05:55 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/6/2011 8:31:11 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/7/2011 7:12:01 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/8/2011 8:29:58 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/9/2011 5:56:02 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/10/2011 12:49:29 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/11/2011 9:05:53 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/12/2011 8:20:27 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/13/2011 8:14:03 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/14/2011 8:29:46 PM | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 7/21/2009 2:57:09 PM | Computer Name = Harry-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 103
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/21/2011 1:56:00 AM | Computer Name = Harry-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/21/2011 2:08:35 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 11/21/2011 2:08:35 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 11/21/2011 2:08:35 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 11/21/2011 2:08:35 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 11/21/2011 2:08:35 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 11/21/2011 2:08:35 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 11/21/2011 2:08:35 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 11/21/2011 2:08:35 AM | Computer Name = Harry-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2
Description =

Error - 11/21/2011 2:10:26 AM | Computer Name = Harry-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Edited by flaming321, 21 November 2011 - 12:22 AM.

  • 0



#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello flaming321 and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/11/21 00:55:33 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{9A9B3EC5-FAB0-432B-91F6-339B4B96471D}
    [2011/11/21 00:55:28 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{F16F5A4E-E620-4477-AED3-99F0EA4CC4AA}
    [2011/11/21 00:45:54 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{AF997364-7281-4408-8251-77A9F9B6528E}
    [2011/11/21 00:45:40 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{70E12970-4C70-4F68-9FC5-1F1C1889B4FA}
    [2011/11/20 10:59:38 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{62B89043-01EB-4401-8C81-FDA1E5F92A2D}
    [2011/11/20 10:59:36 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{68C7513B-690C-44EF-BFC5-542116D12D83}
    [2011/11/19 12:08:53 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{84CA4219-2730-411B-B7BD-E2EF993BD358}
    [2011/11/19 12:08:41 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{2F24A3BD-53E4-49CD-8784-7771A3184DC6}
    [2011/11/18 19:17:58 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{4DC1A12C-BA77-41C8-889A-3005028B4B27}
    [2011/11/18 19:17:57 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{384FC1B8-0267-42D3-9DA3-F5E4EB9CBDE8}
    [2011/11/17 20:20:15 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{C8B7AB38-4036-48C7-9057-2A4A59E54CA3}
    [2011/11/17 20:20:00 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{0A3721B9-EF05-4308-8C76-E0D4D7D58633}
    [2011/11/16 21:14:23 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{AF82404B-5410-4E3D-A857-D51A92991AC0}
    [2011/11/16 21:14:11 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{772C46E2-EE7F-45CB-90AA-41B95EAE251C}
    [2011/11/15 20:35:08 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{1FA52BAF-4778-4D02-A178-1FB528CA401E}
    [2011/11/15 20:35:00 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{FD9C0929-6105-4D0B-B4C5-F4CB3F28F4F6}
    [2011/11/14 20:54:41 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{E2868CB7-F876-432F-AD83-E317AF2E0852}
    [2011/11/14 20:54:39 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{5A52886B-36B8-4FEE-A52E-C9DDE519049D}
    [2011/11/13 12:06:01 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{A75B8047-5E34-4369-B7DD-D49083C6642D}
    [2011/11/13 12:05:56 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{A92CD9D6-DCED-4F7D-A546-3673B7E1E846}
    [2011/11/12 12:08:05 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{7908A978-0870-4DFD-8A35-B2AAF0E18E22}
    [2011/11/12 12:07:57 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{5F85E9F3-93CD-4109-A90D-F71F44770C01}
    [2011/11/11 22:14:51 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{FB5828ED-F29F-45AD-9AD6-E7BD9C1030E0}
    [2011/11/11 22:14:43 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{11A55127-54E5-43E7-B064-3C0B6A105083}
    [2011/11/10 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{E63D5CAC-EB0E-48B9-9E46-1F811FF08845}
    [2011/11/10 21:37:33 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{9003021D-32B4-4BA7-975C-89F86674A319}
    [2011/11/10 20:49:51 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{F867663E-A8D0-4972-A1C7-EAE8BBE287CD}
    [2011/11/09 23:20:19 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\{BAB6148E-45DD-4408-A2ED-C65DB02671F3}

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.
  • 0

#3
flaming321

flaming321

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you so much for the reply, and happy Thanksgiving. For the Malwarebytes scan I did not detect anything, but I did do a scan right after I got infected with the Privacy Protection malware and it picked up some malware, so I'll post those logs from the past 3 days. Let me know if you need anything, thank you again.



========== OTL ==========
C:\Users\Harry\AppData\Local\{9A9B3EC5-FAB0-432B-91F6-339B4B96471D} folder moved successfully.
C:\Users\Harry\AppData\Local\{F16F5A4E-E620-4477-AED3-99F0EA4CC4AA} folder moved successfully.
C:\Users\Harry\AppData\Local\{AF997364-7281-4408-8251-77A9F9B6528E} folder moved successfully.
C:\Users\Harry\AppData\Local\{70E12970-4C70-4F68-9FC5-1F1C1889B4FA} folder moved successfully.
C:\Users\Harry\AppData\Local\{62B89043-01EB-4401-8C81-FDA1E5F92A2D} folder moved successfully.
C:\Users\Harry\AppData\Local\{68C7513B-690C-44EF-BFC5-542116D12D83} folder moved successfully.
C:\Users\Harry\AppData\Local\{84CA4219-2730-411B-B7BD-E2EF993BD358} folder moved successfully.
C:\Users\Harry\AppData\Local\{2F24A3BD-53E4-49CD-8784-7771A3184DC6} folder moved successfully.
C:\Users\Harry\AppData\Local\{4DC1A12C-BA77-41C8-889A-3005028B4B27} folder moved successfully.
C:\Users\Harry\AppData\Local\{384FC1B8-0267-42D3-9DA3-F5E4EB9CBDE8} folder moved successfully.
C:\Users\Harry\AppData\Local\{C8B7AB38-4036-48C7-9057-2A4A59E54CA3} folder moved successfully.
C:\Users\Harry\AppData\Local\{0A3721B9-EF05-4308-8C76-E0D4D7D58633} folder moved successfully.
C:\Users\Harry\AppData\Local\{AF82404B-5410-4E3D-A857-D51A92991AC0} folder moved successfully.
C:\Users\Harry\AppData\Local\{772C46E2-EE7F-45CB-90AA-41B95EAE251C} folder moved successfully.
C:\Users\Harry\AppData\Local\{1FA52BAF-4778-4D02-A178-1FB528CA401E} folder moved successfully.
C:\Users\Harry\AppData\Local\{FD9C0929-6105-4D0B-B4C5-F4CB3F28F4F6} folder moved successfully.
C:\Users\Harry\AppData\Local\{E2868CB7-F876-432F-AD83-E317AF2E0852} folder moved successfully.
C:\Users\Harry\AppData\Local\{5A52886B-36B8-4FEE-A52E-C9DDE519049D} folder moved successfully.
C:\Users\Harry\AppData\Local\{A75B8047-5E34-4369-B7DD-D49083C6642D} folder moved successfully.
C:\Users\Harry\AppData\Local\{A92CD9D6-DCED-4F7D-A546-3673B7E1E846} folder moved successfully.
C:\Users\Harry\AppData\Local\{7908A978-0870-4DFD-8A35-B2AAF0E18E22} folder moved successfully.
C:\Users\Harry\AppData\Local\{5F85E9F3-93CD-4109-A90D-F71F44770C01} folder moved successfully.
C:\Users\Harry\AppData\Local\{FB5828ED-F29F-45AD-9AD6-E7BD9C1030E0} folder moved successfully.
C:\Users\Harry\AppData\Local\{11A55127-54E5-43E7-B064-3C0B6A105083} folder moved successfully.
C:\Users\Harry\AppData\Local\{E63D5CAC-EB0E-48B9-9E46-1F811FF08845} folder moved successfully.
C:\Users\Harry\AppData\Local\{9003021D-32B4-4BA7-975C-89F86674A319} folder moved successfully.
C:\Users\Harry\AppData\Local\{F867663E-A8D0-4972-A1C7-EAE8BBE287CD} folder moved successfully.
C:\Users\Harry\AppData\Local\{BAB6148E-45DD-4408-A2ED-C65DB02671F3} folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11242011_153423
  • 0

#4
flaming321

flaming321

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the scan from right after I got infected.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8205

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/21/2011 12:53:10 AM
mbam-log-2011-11-21 (00-53-10).txt

Scan type: Quick scan
Objects scanned: 176474
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Harry\AppData\Local\temp\7F0E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Local\temp\8B34.tmp (Trojan.Agent) -> Quarantined and deleted successfully.










**********NEW SCAN*********************


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8234

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/24/2011 3:45:53 PM
mbam-log-2011-11-24 (15-45-53).txt

Scan type: Quick scan
Objects scanned: 178398
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by flaming321, 24 November 2011 - 02:50 PM.

  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Any problems?

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Complete scan sometimes takes up to 3 hours to finish so please be patient.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE: During the scan, a pop-up window will open asking you to purchase the full version. Simply close the window by clicking on the X in the upper right corner.
  • 0

#6
flaming321

flaming321

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello, I am having problems with the scan, for some reason it always stalls when it begins to scan my media files (music), which in this case is a .m4a file. Could there be a reason why? I couldn't even finish the express scan when it began to just scan the file and would never go past that even after waiting for 2 hours. So I cancelled the scan and just started a complete scan; after about 20 minutes in, when it reaches another music file, it would stall again. The file is under a language that is different from English by the way, if that might help. So I saved a partial report of the scan and it's all I have. Please help me, thanks


tipsclient.dll;c:\program files\common files\pplivenetwork;Probably DLOADER.Trojan;Will be deleted after restart.;
OTL____0.exe;C:\Documents and Settings\Harry\DoctorWeb\Quarantine;Trojan.Siggen3.20406;Incurable.Moved.;
  • 0

#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try another scanner...

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
User returned

Hi flaming321,

Please post VRT results. How is your system now? Any problems?
  • 0

#10
flaming321

flaming321

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello, thank you again for helping me and sorry for the late reply. As for the system, aside from using it, I don't really see anything that is eye-catching so I'm not sure if the system is actually running well or not. Though sometimes the computer does slow down quite a bit periodically. As for the logs, it did pick up quite a bunch of malware, please help me out. Thank you.


Status: Deleted (events: 9)
11/29/2011 8:37:58 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600001\4FEA8958.VBN High
11/29/2011 8:37:58 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600001\4FEA8958.VBN//CryptZ High
11/29/2011 8:37:58 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600001\4FEA8958.VBN//CryptZ//data0000 High
11/29/2011 8:37:59 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AD40000\4EF6F792.VBN High
11/29/2011 8:37:59 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AD40000\4EF6F792.VBN//CryptZ High
11/29/2011 8:37:59 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AD40000\4EF6F792.VBN//CryptZ//data0000 High
11/29/2011 8:38:00 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600000\4FEA8945.VBN High
11/29/2011 8:38:00 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600000\4FEA8945.VBN//CryptZ High
11/29/2011 8:38:00 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600000\4FEA8945.VBN//CryptZ//data0000 High
Status: Disinfected (events: 2)
11/29/2011 8:43:21 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ex C:\Documents and Settings\Harry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6cde0e2f-6fe66461 High
11/29/2011 8:43:21 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ex C:\Documents and Settings\Harry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6cde0e2f-6fe66461/photo/Zoom.class High
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
These are mainly files from Symantec quarantine so they are already neutralized :). Let's try to speed up your system.

Step 1

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

Run the tool and it will disable all unnecessary startup entries.
Click on Continue button to save changes.

Step 2

Download and run Puran Disc Defragmenter
Click on Boot Time Defrag button and choose Restart-Defrag-Restart

  • 0
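
The triage reasoning in the reply above (detections that sit inside another antivirus product's quarantine store are already-neutralized copies) can be applied mechanically to the report. This is an added example, not part of the original thread and not any vendor's tool: the report lines are copied from the post above, and the function names and location rules are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Report lines copied from the Virus Removal Tool log posted in this thread.
SAMPLE_REPORT = r"""
Status: Deleted (events: 9)
11/29/2011 8:37:58 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600001\4FEA8958.VBN High
11/29/2011 8:37:58 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600001\4FEA8958.VBN//CryptZ High
11/29/2011 8:37:58 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600001\4FEA8958.VBN//CryptZ//data0000 High
11/29/2011 8:37:59 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AD40000\4EF6F792.VBN High
11/29/2011 8:37:59 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AD40000\4EF6F792.VBN//CryptZ High
11/29/2011 8:37:59 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AD40000\4EF6F792.VBN//CryptZ//data0000 High
11/29/2011 8:38:00 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600000\4FEA8945.VBN High
11/29/2011 8:38:00 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600000\4FEA8945.VBN//CryptZ High
11/29/2011 8:38:00 PM Deleted Trojan program Exploit.JS.Pdfka.bxk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06600000\4FEA8945.VBN//CryptZ//data0000 High
Status: Disinfected (events: 2)
11/29/2011 8:43:21 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ex C:\Documents and Settings\Harry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6cde0e2f-6fe66461 High
11/29/2011 8:43:21 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.ex C:\Documents and Settings\Harry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6cde0e2f-6fe66461/photo/Zoom.class High
"""

# timestamp, action, threat kind, verdict name, object path, severity
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>Deleted|Disinfected)\s+"
    r"(?P<kind>.+?)\s+(?P<verdict>\S+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s+(?P<severity>\w+)$"
)


def parse_events(report_text):
    """Return one dict per detection line; 'Status:' headers are skipped."""
    events = []
    for line in report_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def root_object(path):
    """Strip container members ('//CryptZ//data0000', '/photo/Zoom.class').
    The on-disk Windows path uses backslashes only, so the first forward
    slash marks where the scanner descended into the file."""
    return path.split("/", 1)[0]


def classify(path):
    """Assumed location rules, for illustration only."""
    lowered = path.lower()
    if "\\quarantine\\" in lowered:
        return "av_quarantine"   # inert copy held by an antivirus product
    if "\\java\\deployment\\cache\\" in lowered:
        return "java_cache"      # applet cached by the Java plug-in
    return "live_file"


def triage(report_text):
    """Collapse events to unique on-disk objects and label their location."""
    objects = OrderedDict()
    for event in parse_events(report_text):
        root = root_object(event["path"])
        entry = objects.setdefault(root, {
            "object": root, "location": classify(root),
            "verdicts": set(), "actions": set(), "events": 0,
        })
        entry["verdicts"].add(event["verdict"])
        entry["actions"].add(event["action"])
        entry["events"] += 1
    return list(objects.values())


def follow_up(objects):
    """Objects that were not already sitting in an antivirus quarantine."""
    return [o for o in objects if o["location"] != "av_quarantine"]


if __name__ == "__main__":
    for obj in triage(SAMPLE_REPORT):
        print(f"{obj['events']} event(s)  {obj['location']:<13} {obj['object']}")
```

The eleven events collapse to four on-disk objects: three quarantine files and one cached Java archive, which is the only item that was outside a quarantine store.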

#12
flaming321

flaming321

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hey, I don't have a log to report, do I? Also does that mean my computer is clean of malware at least? :)
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
No. There are no logs. If you are done with these two steps then we are good to clean system from programs we used.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





