Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet hijacked [Closed]


  • This topic is locked This topic is locked

#1
Brandio

Brandio

    Member

  • Member
  • PipPip
  • 14 posts
I got a virus on my computer the other day. It hid a lot of my files but I was able to fix that but now search engines keep redirecting me to spam and my Starcraft 2 game wont open any more but i haven't tried re installing it yet. So I downloaded the free trial of Malwarebytes' Anti-Malware and it found a couple things then got rid of them and it was fine but then next time I got to the computer it said windows has ran out of virtual memory space or something and I had to restart the computer and the search engines where broken again so I ran the antivirus again and the same thing happened. Also the antivirus keeps saying attacks are getting made against my computer. Here are the logs from the antivirus tell me if I need to post any other information.

First Scan

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8218

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/22/2011 2:26:33 PM
mbam-log-2011-11-22 (14-26-33).txt

Scan type: Full scan (C:\|)
Objects scanned: 328208
Time elapsed: 53 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Branden\application data\Sun\Java\deployment\cache\6.0\15\578f794f-2182be3b (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c4606282-a5bb-4e72-8f2e-505e3f976e1d}\RP125\A0024065.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

Second Scan
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8260

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/28/2011 5:42:40 PM
mbam-log-2011-11-28 (17-42-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 328072
Time elapsed: 1 hour(s), 11 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{c4606282-a5bb-4e72-8f2e-505e3f976e1d}\RP125\A0024030.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.


Protection Log

13:12:09 Branden MESSAGE Protection started successfully
13:12:12 Branden MESSAGE IP Protection started successfully
13:26:36 Branden MESSAGE Protection started successfully
13:26:40 Branden MESSAGE IP Protection started successfully
13:36:17 Branden IP-BLOCK 206.161.121.100 (Type: outgoing)
13:36:17 Branden IP-BLOCK 206.161.121.100 (Type: outgoing)
13:36:20 Branden IP-BLOCK 206.161.121.100 (Type: outgoing)
13:36:20 Branden IP-BLOCK 206.161.121.100 (Type: outgoing)
13:36:26 Branden IP-BLOCK 206.161.121.100 (Type: outgoing)
13:36:26 Branden IP-BLOCK 206.161.121.100 (Type: outgoing)
14:05:29 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:05:32 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:05:38 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:07:26 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:07:29 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:07:35 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:09:27 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:09:30 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:09:36 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:28:37 (null) MESSAGE Protection started successfully
14:28:58 Branden MESSAGE IP Protection started successfully
14:29:52 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:29:55 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:30:01 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:31:19 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:31:22 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:31:28 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:33:19 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:33:22 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
14:33:28 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
16:00:01 Branden MESSAGE Scheduled update executed successfully
16:00:01 Branden MESSAGE IP Protection stopped
16:00:15 Branden MESSAGE Database updated successfully
16:00:16 Branden MESSAGE IP Protection started successfully
16:37:50 Branden MESSAGE Protection started successfully
16:37:58 Branden MESSAGE IP Protection started successfully
16:53:17 Branden IP-BLOCK 208.73.210.29 (Type: outgoing)
16:53:19 Branden IP-BLOCK 208.73.210.29 (Type: outgoing)
16:53:25 Branden IP-BLOCK 208.73.210.29 (Type: outgoing)
17:03:30 Branden IP-BLOCK 188.124.9.154 (Type: incoming)
17:04:38 Branden IP-BLOCK 121.125.67.11 (Type: incoming)
18:27:41 Branden IP-BLOCK 194.85.61.78 (Type: outgoing)
18:27:44 Branden IP-BLOCK 194.85.61.78 (Type: outgoing)
18:27:50 Branden IP-BLOCK 194.85.61.78 (Type: outgoing)
18:28:01 Branden IP-BLOCK 194.85.61.78 (Type: outgoing)
18:28:04 Branden IP-BLOCK 194.85.61.78 (Type: outgoing)
18:28:10 Branden IP-BLOCK 194.85.61.78 (Type: outgoing)
21:17:59 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
21:18:02 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
21:18:08 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
21:19:57 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
21:20:00 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
21:20:06 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
21:21:57 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
21:22:00 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
21:22:06 Branden IP-BLOCK 64.120.141.165 (Type: outgoing)
21:58:31 Branden IP-BLOCK 121.125.67.11 (Type: incoming)
22:30:10 Branden IP-BLOCK 222.189.238.115 (Type: incoming)
  • 0

Advertisements


#2
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello and welcome to GeeksToGo :)

I'm Steve and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • Please do not try to fix anything without being asked
  • Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.

We need to get some logs to analyse. Please do the following:


Step 1:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Step 2:

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Please remember to post both the two logs from OTL ans also the log from aswMBR
  • 0

#3
Brandio

Brandio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Im trying to upload the log but it keeps freezing up my internet so I'm going to break the first one in to a couple post.

Edited by Brandio, 30 November 2011 - 05:25 PM.

  • 0

#4
Brandio

Brandio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL logfile created on: 11/30/2011 2:01:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Branden\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.30% Memory free
4.82 Gb Paging File | 3.82 Gb Available in Paging File | 79.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 350.85 Gb Free Space | 75.33% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DOWNSTAIRS | User Name: Branden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/30 13:58:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Branden\Desktop\OTL.exe
PRC - [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/11/11 00:31:16 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2011/09/27 20:34:02 | 000,894,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/09/09 15:06:48 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/09/03 13:05:20 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 15:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/08/02 02:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/15 16:20:40 | 001,752,376 | ---- | M] () -- C:\Program Files\MSI\Live Update 5\LU5.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/01/25 12:11:16 | 000,438,272 | ---- | M] (MSI CO.,LTD.) -- C:\Program Files\MSI\Super-Charger\Super-Charger.exe
PRC - [2010/11/23 03:33:20 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2010/11/17 11:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/08/02 19:13:12 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/12/15 12:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/09 17:48:20 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\dldtcoms.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/13 14:00:20 | 002,441,216 | ---- | M] (Cyberlink) -- C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\Power2Go\Power2GoExpress.exe
PRC - [2006/08/31 15:21:06 | 000,733,184 | ---- | M] (CyberLink Corporation.) -- C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\InstantBurn\Win2K\IBurn.exe
PRC - [2005/01/12 02:01:32 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/22 11:59:03 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2011/11/22 11:59:00 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/11/22 11:59:00 | 000,194,344 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/11/22 11:59:00 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/11/22 11:59:00 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/11/15 00:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/15 00:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 00:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 00:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 00:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/14 21:36:18 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011/09/09 15:06:48 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/07/15 16:20:40 | 001,752,376 | ---- | M] () -- C:\Program Files\MSI\Live Update 5\LU5.exe
MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/12/15 12:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 12:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/23 15:41:04 | 000,782,336 | ---- | M] () -- C:\WINDOWS\system32\dldtdrs.dll
MOD - [2009/07/02 11:40:18 | 000,147,968 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldtdrpp.dll
MOD - [2009/07/02 09:02:18 | 000,031,840 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\richvideops.dll
MOD - [2009/05/14 12:57:38 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\dldtcaps.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/01/22 01:05:12 | 000,077,906 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtcfg.dll
MOD - [2008/01/22 01:05:12 | 000,077,906 | ---- | M] () -- C:\WINDOWS\system32\dldtcfg.dll
MOD - [2007/11/13 18:13:10 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\dldtcnv4.dll
MOD - [2006/09/11 13:10:38 | 001,662,976 | ---- | M] () -- C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\Power2Go\P2GRC.dll
MOD - [2006/07/26 10:20:54 | 008,327,168 | ---- | M] () -- C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\InstantBurn\Win2K\Res.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/23 16:33:22 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_E92D8507)
SRV - [2009/07/09 17:48:20 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)


========== Driver Services (SafeList) ==========

DRV - [2011/10/14 18:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/14 19:09:57 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111104.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/14 19:09:57 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111104.021\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/10 14:21:40 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/09/06 15:30:53 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/06 15:30:30 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/06 15:30:30 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/03 03:37:14 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111104.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/28 18:15:20 | 006,363,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/10 16:52:10 | 000,141,952 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011/02/10 16:52:10 | 000,063,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2011/01/14 02:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2011/01/12 22:36:42 | 006,407,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/10/20 16:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010/10/19 03:33:40 | 000,041,088 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) Intel®
DRV - [2010/05/10 12:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010/04/10 00:16:04 | 000,032,544 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/09 16:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/08/31 15:03:10 | 000,182,272 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2006/08/31 15:03:10 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2002/08/29 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 73 0B 04 3A A9 CC 01 [binary data]
IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/09/28 16:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_3_6 [2011/11/29 14:03:05 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1004336348-854245398-839522115-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1004336348-854245398-839522115-1005\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [InstantBurn] C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKU\S-1-5-21-1004336348-854245398-839522115-1005..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1004336348-854245398-839522115-1005..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1004336348-854245398-839522115-1005..\Run: [Power2GoExpress] C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKU\S-1-5-21-1004336348-854245398-839522115-1005..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-854245398-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1004336348-854245398-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll
  • 0

#5
Brandio

Brandio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1315070133703 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...CAB/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.68.4.10 216.68.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DD715EC-7628-4D3C-8111-C2BEE91219FE}: DhcpNameServer = 216.68.4.10 216.68.5.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/02 11:48:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/06 10:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 13:58:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Branden\Desktop\OTL.exe
[2011/11/28 17:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\My Documents\SC2-WingsOfLiberty-enUS-Installer
[2011/11/28 17:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\My Documents\New Folder (2)
[2011/11/28 16:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/22 13:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Application Data\Malwarebytes
[2011/11/22 13:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/22 13:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/22 13:11:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/22 13:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/22 11:51:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/22 11:50:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Branden\Recent
[2011/11/11 10:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/11/11 01:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Local Settings\Application Data\Skyrim
[2011/11/11 01:04:55 | 000,000,000 | ---D | C] -- C:\eb20f9d3840191c9bb0623d1
[2011/11/11 00:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Start Menu\Programs\Steam
[2011/11/11 00:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/11/11 00:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/11/11 00:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2011/11/07 22:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Application Data\Voxatron
[2011/11/07 22:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Voxatron
[2011/11/07 22:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Start Menu\Programs\Voxatron
[2011/11/04 16:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Start Menu\Programs\Google Chrome
[2009/07/09 17:48:22 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtih.exe
[2009/07/09 17:48:20 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcoms.exe
[2009/07/09 17:48:18 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcfg.exe
[2008/01/30 15:02:30 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtpmui.dll
[2008/01/30 14:59:24 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtserv.dll
[2008/01/30 14:57:42 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldthbn3.dll
[2008/01/30 14:56:56 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtusb1.dll
[2008/01/30 14:55:14 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtlmpm.dll
[2008/01/30 14:54:56 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtiesc.dll
[2008/01/30 14:54:22 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomm.dll
[2008/01/30 14:53:32 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomc.dll
[2008/01/30 14:53:22 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtinpa.dll
[2008/01/30 14:52:16 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtprox.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/30 13:58:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Branden\Desktop\OTL.exe
[2011/11/30 13:56:48 | 000,000,334 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/11/30 13:56:41 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/30 13:56:41 | 000,000,884 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/30 13:49:00 | 000,000,986 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-854245398-839522115-1005UA.job
[2011/11/30 13:40:00 | 000,000,888 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/29 22:49:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/29 17:49:00 | 000,000,934 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-854245398-839522115-1005Core.job
[2011/11/29 14:02:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/28 16:43:26 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/23 09:27:25 | 000,109,034 | ---- | M] () -- C:\Documents and Settings\Branden\My Documents\b4spain.rns
[2011/11/22 17:50:22 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Branden\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/22 17:50:21 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Branden\Desktop\Google Chrome.lnk
[2011/11/22 13:11:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/22 12:30:38 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Branden\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to StarCraft II.lnk
[2011/11/22 11:07:28 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\87bAqevuEC681y
[2011/11/22 11:06:22 | 000,000,320 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681y
[2011/11/22 11:06:22 | 000,000,240 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681yr
[2011/11/20 20:19:44 | 039,270,512 | ---- | M] () -- C:\Documents and Settings\Branden\Desktop\Goahead.wav
[2011/11/18 22:34:36 | 000,484,914 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/18 22:34:36 | 000,080,802 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/11 09:01:04 | 000,278,152 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/11 00:43:49 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Branden\Desktop\The Elder Scrolls V Skyrim.url
[2011/11/11 00:27:43 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/09 03:02:05 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/07 22:00:41 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Branden\Desktop\Voxatron.lnk
[2011/11/01 20:30:05 | 000,152,904 | ---- | M] () -- C:\Documents and Settings\Branden\My Documents\DURPDURPDURP.rns
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/28 16:43:25 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/23 09:27:20 | 000,109,034 | ---- | C] () -- C:\Documents and Settings\Branden\My Documents\b4spain.rns
[2011/11/22 13:11:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/22 12:30:35 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Branden\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to StarCraft II.lnk
[2011/11/22 11:06:22 | 000,000,240 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681yr
[2011/11/22 11:06:21 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681y
[2011/11/22 11:06:15 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\87bAqevuEC681y
[2011/11/20 20:20:45 | 039,270,512 | ---- | C] () -- C:\Documents and Settings\Branden\Desktop\Goahead.wav
[2011/11/11 01:05:55 | 000,166,464 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/11/11 00:43:48 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Branden\Desktop\The Elder Scrolls V Skyrim.url
[2011/11/11 00:27:43 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/07 22:00:41 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Branden\Desktop\Voxatron.lnk
[2011/11/04 16:45:36 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Branden\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/04 16:45:35 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Branden\Desktop\Google Chrome.lnk
[2011/11/04 16:44:17 | 000,000,986 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-854245398-839522115-1005UA.job
[2011/11/04 16:44:16 | 000,000,934 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-854245398-839522115-1005Core.job
[2011/10/14 02:30:38 | 008,525,278 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1004336348-854245398-839522115-1005-0.dat
[2011/10/14 02:30:36 | 000,276,950 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/23 17:07:45 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 21:57:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011/09/04 00:05:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/03 13:04:41 | 000,000,334 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/09/03 12:38:45 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/03 04:36:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/03 04:35:50 | 000,278,152 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/03 00:08:39 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/09/02 23:01:52 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2011/09/02 22:25:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/09/02 22:25:28 | 000,887,724 | RH-- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/09/02 22:25:28 | 000,227,587 | RH-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/09/02 22:25:28 | 000,000,003 | RH-- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/09/02 11:49:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/02 11:46:52 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/23 15:41:04 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\dldtdrs.dll
[2009/05/14 12:57:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldtcaps.dll
[2009/03/25 14:53:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldtinsr.dll
[2009/03/25 14:53:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldtcur.dll
[2009/03/25 14:52:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldtjswr.dll
[2009/03/25 14:50:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldtinsb.dll
[2009/03/25 14:50:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldtcub.dll
[2009/03/25 14:50:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldtcu.dll
[2009/03/25 14:49:58 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldtins.dll
[2009/03/25 14:48:56 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\dldtutil.dll
[2009/03/25 14:48:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldtgrd.dll
[2008/06/09 16:52:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldtvs.dll
[2008/06/02 15:02:18 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldtcoin.dll
[2008/01/22 01:05:12 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldtcfg.dll
[2007/11/13 18:13:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldtcnv4.dll
[2004/08/02 16:20:40 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/08/29 07:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 07:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 07:00:00 | 000,484,914 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 07:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 07:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 07:00:00 | 000,080,802 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 07:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 07:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 07:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/09/10 14:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/09/03 00:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/09/02 21:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2011/10/10 20:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/10/31 18:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/09/10 12:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/09/03 11:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/09/03 12:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/09/06 15:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/19 16:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/09/22 16:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/23 17:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\.minecraft
[2011/09/22 16:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\AnvSoft
[2011/09/10 14:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\DAEMON Tools Lite
[2011/10/11 16:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\HandBrake
[2011/09/09 17:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\LolClient
[2011/10/23 13:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\Pokemon Online
[2011/09/10 12:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\Propellerhead Software
[2011/10/02 12:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\pymclevel
[2011/10/05 16:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\Search Settings
[2011/11/10 14:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\uTorrent
[2011/11/07 22:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\Voxatron
[2011/09/14 14:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\YouTube Downloader
[2011/10/16 09:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Search Settings
[2011/10/16 09:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\YouTube Downloader
[2011/09/28 16:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2011/11/12 07:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Search Settings
[2011/11/12 07:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\YouTube Downloader

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >
[2011/11/22 04:46:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Branden\Local Settings\Temp\smtmp
[2011/11/22 04:46:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Branden\Local Settings\Temp\smtmp\1
[2011/11/22 04:46:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Branden\Local Settings\Temp\smtmp\2
[2011/11/22 04:46:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Branden\Local Settings\Temp\smtmp\4
[2011/11/22 09:12:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Dad\Local Settings\Temp\smtmp
[2011/11/22 09:12:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Dad\Local Settings\Temp\smtmp\1
[2011/11/22 09:12:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Dad\Local Settings\Temp\smtmp\2
[2011/11/22 09:12:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Dad\Local Settings\Temp\smtmp\4
[2011/11/22 09:13:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Ryan\Local Settings\Temp\smtmp
[2011/11/22 09:13:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Ryan\Local Settings\Temp\smtmp\1
[2011/11/22 09:13:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Ryan\Local Settings\Temp\smtmp\2
[2011/11/22 09:13:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Branden\..\Ryan\Local Settings\Temp\smtmp\4


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 02:56:50 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:58 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:58 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.INF >
[2002/08/29 07:00:00 | 000,001,095 | ---- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINDOWS\inf\volsnap.inf

< MD5 for: VOLSNAP.PNF >
[2011/09/03 04:36:20 | 000,004,964 | ---- | M] () MD5=D1AF90DC1EC28FA034C2BED6EB4BDF82 -- C:\WINDOWS\inf\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 01:00:18 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:58 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#6
Brandio

Brandio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL Extras logfile created on: 11/30/2011 2:01:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Branden\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.30% Memory free
4.82 Gb Paging File | 3.82 Gb Available in Paging File | 79.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 350.85 Gb Free Space | 75.33% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DOWNSTAIRS | User Name: Branden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1004336348-854245398-839522115-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"58624:TCP" = 58624:TCP:*:Enabled:Pando Media Booster
"58624:UDP" = 58624:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5972:TCP" = 5972:TCP:*:Enabled:bimzixr
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"58624:TCP" = 58624:TCP:*:Enabled:Pando Media Booster
"58624:UDP" = 58624:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\StarCraft II\StarCraft II Public Test.exe" = C:\Program Files\StarCraft II\StarCraft II Public Test.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dldtcoms.exe" = C:\WINDOWS\system32\dldtcoms.exe:*:Enabled:V305 Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldttime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldttime.exe:*:Enabled:Time Executable -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\StarCraft II\Versions\Base19679\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base19679\SC2.exe:*:Enabled:StarCraft II
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe" = C:\Program Files\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{127C11D8-53C8-3367-C597-5F82BE1A5DBA}" = CCC Help English
"{135310CC-3374-D317-6DCF-308295A0198D}" = CCC Help Hungarian
"{161D0E93-1687-05E9-441F-3A45E3371FD7}" = CCC Help Korean
"{16D52C69-BD18-C998-7577-4CEA7CBA28E0}" = CCC Help Finnish
"{1802C783-8D4A-4EB8-B9BC-DF6B36BDD6EB}_is1" = Teaming Genie
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1B97A819-5E77-DA14-C6EA-A4FF2FB8C1F7}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = MediaNow CD & DVD Burning Suite
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.30 Patch 1
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{305753DB-CA5A-302A-45C6-F32192036ACF}" = CCC Help Swedish
"{33A108CB-18C9-03C0-766B-5982CA48F4C6}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8690D7-DE96-DCC3-812E-C4DAABA53B4E}" = CCC Help Russian
"{3E579331-7E40-6B1E-3582-1083CF310FFD}" = CCC Help Greek
"{3F2B3914-A927-4D1E-8417-E7B7C3339434}" = YouTube Downloader Toolbar v4.7
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{495DE302-FD8B-7104-1407-814AB1D87135}" = ccc-utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D29088-2BF3-D1E7-F010-7D7FB527D12D}" = CCC Help Danish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6BFF4C2B-D94F-25DB-9D67-42A0AAB1516F}" = CCC Help French
"{6D134F65-886A-6089-3AB2-7B7DD97E9989}" = Catalyst Control Center Graphics Previews Common
"{6E82B3D4-6B81-DC91-DF8E-6ED6D60370B8}" = CCC Help Portuguese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DFDA76-F919-5AC3-5096-D2CDC1AD7061}" = Catalyst Control Center InstallProxy
"{7F92835A-5D0D-7188-8485-E602B2DF91A1}" = CCC Help Turkish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9554E327-A368-BCC9-88C2-6BDD0B3C1F4E}" = Catalyst Control Center Localization All
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9871562A-8AE1-C50B-B9D9-6602D3E6ABCC}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5AD348-5346-65BE-86D6-75E399E43610}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 2.5
"{AE7D2A40-29A2-6DC0-2744-4E65A26BA6CB}" = ATI Catalyst Install Manager
"{B2AD5592-BEA1-235A-6007-92B3E5374655}" = ATI AVIVO Codecs
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCF05227-7BC8-376F-2807-237A45584552}" = CCC Help Czech
"{BEAF0D0C-D9F5-45FC-33F2-078AEB50216B}" = CCC Help Chinese Traditional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D60EBD5E-AD16-8FCA-1E08-9487F3371198}" = CCC Help Polish
"{DBF300DE-2192-F1CB-AF78-22AEA178933D}" = ccc-core-static
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0
"{ECFCD951-C437-1AEB-0358-4F74FF8E97C9}" = CCC Help Dutch
"{ED4F29D5-B73A-76E9-A132-C85D2B2D331D}" = CCC Help Norwegian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F513E235-093D-B2A9-3007-B04EDEE270CA}" = CCC Help Spanish
"{F69F0AD6-C97F-7586-C185-9FD3049171AD}" = CCC Help Japanese
"3400-4446-6563-0952" = PoxNora 1.4.7.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Audacity_is1" = Audacity 1.2.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HandBrake" = HandBrake 0.9.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"NIS" = Norton Internet Security
"Reason5_is1" = Reason 5.0
"Reason5Demo_is1" = Reason Demo 5.0.1
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Super-Charger_is1" = Super-Charger
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Voxatron" = Voxatron 0.1.4
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1004336348-854245398-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/16/2011 10:28:27 AM | Computer Name = DOWNSTAIRS | Source = BackItUp5 | ID = 5225
Description =

Error - 10/16/2011 4:54:53 PM | Computer Name = DOWNSTAIRS | Source = BackItUp5 | ID = 5225
Description =

Error - 10/17/2011 2:08:17 PM | Computer Name = DOWNSTAIRS | Source = BackItUp5 | ID = 5225
Description =

Error - 10/19/2011 2:02:24 PM | Computer Name = DOWNSTAIRS | Source = BackItUp5 | ID = 5225
Description =

Error - 10/19/2011 4:21:20 PM | Computer Name = DOWNSTAIRS | Source = BackItUp5 | ID = 5225
Description =

Error - 10/20/2011 5:32:12 PM | Computer Name = DOWNSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jvm.dll, version 20.2.0.6, fault address 0x0005e4e2.

Error - 10/21/2011 7:26:11 PM | Computer Name = DOWNSTAIRS | Source = BugSplat | ID = 1
Description =

Error - 10/25/2011 11:37:47 PM | Computer Name = DOWNSTAIRS | Source = EvntAgnt | ID = 3005
Description = Error positioning to end of log file -- seek to end of log failed.
Handle
specified is 613696. Return code from ReadEventLog is 1500.

Error - 10/25/2011 11:39:10 PM | Computer Name = DOWNSTAIRS | Source = BackItUp5 | ID = 5225
Description =

Error - 10/27/2011 2:06:06 PM | Computer Name = DOWNSTAIRS | Source = BackItUp5 | ID = 5225
Description =

[ System Events ]
Error - 11/30/2011 6:25:08 AM | Computer Name = DOWNSTAIRS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 11/30/2011 9:25:08 AM | Computer Name = DOWNSTAIRS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding


< End of report >
  • 0

#7
Brandio

Brandio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I downloaded aswMBR.exe and it will not open. I double click it and nothing happens and i tried right clicking it and pressing open and nothings happens.
  • 0

#8
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Are you experiencing redirects with all browsers?

Do you have all your shortcuts and desktop icons in place following your original infection.?

Please do the following:


Step 1:

Run OTLPosted Image
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/11/22 11:07:28 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\87bAqevuEC681y
    [2011/11/22 11:06:22 | 000,000,320 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681y
    [2011/11/22 11:06:22 | 000,000,240 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681yr
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\87bAqevuEC681y
    C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681y
    C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681yr
    
    :Commands
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log
  • Open OTL again
  • Select All users
  • Click the Quick Scan button. Post the log it produces in your next reply.


Step 2:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3:

Please download GetPartitions from the link below on your desktop

getpartitions.exe

Double click to run it
It will produce C:\DiskReport.txt log please post results from that log here to me.



.
Please remember to answer the questions at the start of my post and also:
The OTL fix log
New OTL QuickScan
TDSSkiller log
DiskReport log


Homburg
  • 0

#9
Brandio

Brandio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I have Chrome and Internet Explorer and they are both redirecting me.

A lot of my desktop icons where hidden but I'm pretty sure they are all their now but I might not be remembering some.

========== OTL ==========
C:\Documents and Settings\All Users\Application Data\87bAqevuEC681y moved successfully.
C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681y moved successfully.
C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681yr moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Branden\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Branden\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\87bAqevuEC681y not found.
File\Folder C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681y not found.
File\Folder C:\Documents and Settings\All Users\Application Data\~87bAqevuEC681yr not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 12012011_175359

Edited by Brandio, 01 December 2011 - 05:28 PM.

  • 0

#10
Brandio

Brandio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL logfile created on: 12/1/2011 6:05:19 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Branden\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 73.00% Memory free
4.82 Gb Paging File | 4.16 Gb Available in Paging File | 86.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 350.54 Gb Free Space | 75.26% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DOWNSTAIRS | User Name: Branden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/30 13:58:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Branden\Desktop\OTL.exe
PRC - [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/11/11 00:31:16 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2011/09/27 20:34:02 | 000,894,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/09/09 15:06:48 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/09/03 13:05:20 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 15:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/08/02 02:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/01/25 12:11:16 | 000,438,272 | ---- | M] (MSI CO.,LTD.) -- C:\Program Files\MSI\Super-Charger\Super-Charger.exe
PRC - [2010/11/23 03:33:20 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2010/11/17 11:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/08/02 19:13:12 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/12/15 12:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/09 17:48:20 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\dldtcoms.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/31 15:21:06 | 000,733,184 | ---- | M] (CyberLink Corporation.) -- C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\InstantBurn\Win2K\IBurn.exe
PRC - [2005/01/12 02:01:32 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/22 11:59:03 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2011/11/22 11:59:00 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/11/22 11:59:00 | 000,194,344 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/11/22 11:59:00 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/11/22 11:59:00 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/11/15 00:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/15 00:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 00:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 00:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 00:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/09/09 15:06:48 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/12/15 12:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 12:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/23 15:41:04 | 000,782,336 | ---- | M] () -- C:\WINDOWS\system32\dldtdrs.dll
MOD - [2009/07/02 11:40:18 | 000,147,968 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldtdrpp.dll
MOD - [2009/07/02 09:02:18 | 000,031,840 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\richvideops.dll
MOD - [2009/05/14 12:57:38 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\dldtcaps.dll
MOD - [2008/01/22 01:05:12 | 000,077,906 | ---- | M] () -- C:\WINDOWS\system32\dldtcfg.dll
MOD - [2007/11/13 18:13:10 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\dldtcnv4.dll
MOD - [2006/07/26 10:20:54 | 008,327,168 | ---- | M] () -- C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\InstantBurn\Win2K\Res.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/27 19:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/23 16:33:22 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_E92D8507)
SRV - [2009/07/09 17:48:20 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)


========== Driver Services (SafeList) ==========

DRV - [2011/10/14 18:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/14 19:09:57 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111104.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/14 19:09:57 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111104.021\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/10 14:21:40 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/09/06 15:30:53 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/06 15:30:30 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/06 15:30:30 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/03 03:37:14 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111104.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/28 18:15:20 | 006,363,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/10 16:52:10 | 000,141,952 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011/02/10 16:52:10 | 000,063,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2011/01/14 02:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2011/01/12 22:36:42 | 006,407,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/10/20 16:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010/10/19 03:33:40 | 000,041,088 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) Intel®
DRV - [2010/05/10 12:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010/04/10 00:16:04 | 000,032,544 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/09 16:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/08/31 15:03:10 | 000,182,272 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2006/08/31 15:03:10 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2002/08/29 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 8D 38 4E 95 AF CC 01 [binary data]
IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1004336348-854245398-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/09/28 16:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_3_6 [2011/12/01 18:03:23 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Branden\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1004336348-854245398-839522115-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1004336348-854245398-839522115-1005\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [InstantBurn] C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKU\S-1-5-21-1004336348-854245398-839522115-1005..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1004336348-854245398-839522115-1005..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1004336348-854245398-839522115-1005..\Run: [Power2GoExpress] C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKU\S-1-5-21-1004336348-854245398-839522115-1005..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-854245398-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1004336348-854245398-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1315070133703 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...CAB/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.68.4.10 216.68.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DD715EC-7628-4D3C-8111-C2BEE91219FE}: DhcpNameServer = 216.68.4.10 216.68.5.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/02 11:48:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/06 10:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 17:53:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/30 18:23:42 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Branden\Desktop\aswMBR.exe
[2011/11/30 13:58:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Branden\Desktop\OTL.exe
[2011/11/28 17:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\My Documents\SC2-WingsOfLiberty-enUS-Installer
[2011/11/28 17:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\My Documents\New Folder (2)
[2011/11/28 16:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/22 13:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Application Data\Malwarebytes
[2011/11/22 13:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/22 13:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/22 13:11:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/22 13:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/22 11:51:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/22 11:50:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Branden\Recent
[2011/11/11 10:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/11/11 01:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Local Settings\Application Data\Skyrim
[2011/11/11 01:04:55 | 000,000,000 | ---D | C] -- C:\eb20f9d3840191c9bb0623d1
[2011/11/11 00:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Start Menu\Programs\Steam
[2011/11/11 00:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/11/11 00:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/11/11 00:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2011/11/07 22:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Application Data\Voxatron
[2011/11/07 22:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Voxatron
[2011/11/07 22:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Start Menu\Programs\Voxatron
[2011/11/04 16:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branden\Start Menu\Programs\Google Chrome
[2009/07/09 17:48:22 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtih.exe
[2009/07/09 17:48:20 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcoms.exe
[2009/07/09 17:48:18 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcfg.exe
[2008/01/30 15:02:30 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtpmui.dll
[2008/01/30 14:59:24 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtserv.dll
[2008/01/30 14:57:42 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldthbn3.dll
[2008/01/30 14:56:56 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtusb1.dll
[2008/01/30 14:55:14 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtlmpm.dll
[2008/01/30 14:54:56 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtiesc.dll
[2008/01/30 14:54:22 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomm.dll
[2008/01/30 14:53:32 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomc.dll
[2008/01/30 14:53:22 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtinpa.dll
[2008/01/30 14:52:16 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtprox.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 18:03:09 | 000,000,334 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/12/01 18:03:06 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/01 18:03:06 | 000,000,884 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 18:03:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/01 17:49:00 | 000,000,986 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-854245398-839522115-1005UA.job
[2011/12/01 17:49:00 | 000,000,934 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-854245398-839522115-1005Core.job
[2011/12/01 17:40:00 | 000,000,888 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/01 05:59:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/30 18:23:42 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Branden\Desktop\aswMBR.exe
[2011/11/30 13:58:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Branden\Desktop\OTL.exe
[2011/11/28 16:43:26 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/23 09:27:25 | 000,109,034 | ---- | M] () -- C:\Documents and Settings\Branden\My Documents\b4spain.rns
[2011/11/22 17:50:22 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Branden\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/22 17:50:21 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Branden\Desktop\Google Chrome.lnk
[2011/11/22 13:11:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/22 12:30:38 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Branden\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to StarCraft II.lnk
[2011/11/20 20:19:44 | 039,270,512 | ---- | M] () -- C:\Documents and Settings\Branden\Desktop\Goahead.wav
[2011/11/18 22:34:36 | 000,484,914 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/18 22:34:36 | 000,080,802 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/11 09:01:04 | 000,278,152 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/11 00:43:49 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Branden\Desktop\The Elder Scrolls V Skyrim.url
[2011/11/11 00:27:43 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/09 03:02:05 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/07 22:00:41 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Branden\Desktop\Voxatron.lnk
[2011/11/01 20:30:05 | 000,152,904 | ---- | M] () -- C:\Documents and Settings\Branden\My Documents\DURPDURPDURP.rns
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/28 16:43:25 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/23 09:27:20 | 000,109,034 | ---- | C] () -- C:\Documents and Settings\Branden\My Documents\b4spain.rns
[2011/11/22 13:11:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/22 12:30:35 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Branden\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to StarCraft II.lnk
[2011/11/20 20:20:45 | 039,270,512 | ---- | C] () -- C:\Documents and Settings\Branden\Desktop\Goahead.wav
[2011/11/11 01:05:55 | 000,166,464 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/11/11 00:43:48 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Branden\Desktop\The Elder Scrolls V Skyrim.url
[2011/11/11 00:27:43 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/07 22:00:41 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Branden\Desktop\Voxatron.lnk
[2011/11/04 16:45:36 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Branden\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/04 16:45:35 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Branden\Desktop\Google Chrome.lnk
[2011/11/04 16:44:17 | 000,000,986 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-854245398-839522115-1005UA.job
[2011/11/04 16:44:16 | 000,000,934 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-854245398-839522115-1005Core.job
[2011/10/14 02:30:38 | 008,525,278 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1004336348-854245398-839522115-1005-0.dat
[2011/10/14 02:30:36 | 000,276,950 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/23 17:07:45 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Branden\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 21:57:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011/09/04 00:05:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/03 13:04:41 | 000,000,334 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/09/03 12:38:45 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/03 04:36:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/03 04:35:50 | 000,278,152 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/03 00:08:39 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/09/02 23:01:52 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2011/09/02 22:25:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/09/02 22:25:28 | 000,887,724 | RH-- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/09/02 22:25:28 | 000,227,587 | RH-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/09/02 22:25:28 | 000,000,003 | RH-- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/09/02 11:49:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/02 11:46:52 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/23 15:41:04 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\dldtdrs.dll
[2009/05/14 12:57:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldtcaps.dll
[2009/03/25 14:53:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldtinsr.dll
[2009/03/25 14:53:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldtcur.dll
[2009/03/25 14:52:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldtjswr.dll
[2009/03/25 14:50:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldtinsb.dll
[2009/03/25 14:50:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldtcub.dll
[2009/03/25 14:50:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldtcu.dll
[2009/03/25 14:49:58 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldtins.dll
[2009/03/25 14:48:56 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\dldtutil.dll
[2009/03/25 14:48:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldtgrd.dll
[2008/06/09 16:52:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldtvs.dll
[2008/06/02 15:02:18 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldtcoin.dll
[2008/01/22 01:05:12 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldtcfg.dll
[2007/11/13 18:13:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldtcnv4.dll
[2004/08/02 16:20:40 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/08/29 07:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 07:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 07:00:00 | 000,484,914 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 07:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 07:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 07:00:00 | 000,080,802 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 07:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 07:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 07:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/09/10 14:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/09/03 00:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/09/02 21:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2011/10/10 20:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/10/31 18:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/09/10 12:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/09/03 11:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/09/03 12:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/09/06 15:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/19 16:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/09/22 16:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/23 17:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\.minecraft
[2011/09/22 16:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\AnvSoft
[2011/09/10 14:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\DAEMON Tools Lite
[2011/10/11 16:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\HandBrake
[2011/09/09 17:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\LolClient
[2011/10/23 13:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\Pokemon Online
[2011/09/10 12:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\Propellerhead Software
[2011/10/02 12:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\pymclevel
[2011/10/05 16:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\Search Settings
[2011/11/10 14:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\uTorrent
[2011/11/07 22:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\Voxatron
[2011/09/14 14:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Branden\Application Data\YouTube Downloader
[2011/10/16 09:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Search Settings
[2011/10/16 09:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\YouTube Downloader
[2011/09/28 16:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2011/11/12 07:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Search Settings
[2011/11/12 07:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\YouTube Downloader

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#11
Brandio

Brandio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
TDSSKiller.exe is not opening when I press on it. I'm not sure if I should still run the third thing.
  • 0

#12
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Please try to run the getpartitions tool. This should tell us if you have a hidden partition created by the malware.
  • 0

#13
Brandio

Brandio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
The getpartitions tool. is also not opening it just pops up the loading hour glass thing for a second then does nothing.
  • 0

#14
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

The GetPartitions don't actually look as though it's running because it runs so quick. Can you please check to see if it's there at C:\DiskReport.txt

If it's not there can you try this alternative method:

Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.
  • 0

#15
Brandio

Brandio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the screen Shot of the Disk Management Window. Its uploading slow.

Attached Files


Edited by Brandio, 04 December 2011 - 02:22 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP