TR/ATRAPS.Gen2, TR/Sirefef.AG.35, TR/Small.FI infection. [Solved]


  • This topic is locked

#1
axeman61


I was just browsing the internet when my Avira started saying it caught 2 viruses or unwanted programs:
TR/ATRAPS.Gen2
TR/Sirefef.AG.35

I told Avira to remove it, then the same warning popped up. Did it again. Eventually, I had to restart my computer, because of Avira's scans after removing it. Had 4 scans going that were hung. The warning popped up again post-restart. I clicked "details", switched the action to "delete" for both, and the warning still popped up again after. Now my internet seems to take a few seconds to load pages. I now have Avira running a "quick" scan (that started over 50 minutes ago) to root out this problem for real, but looking at other topics gives me a feeling it will be to no avail.

I wasn't browsing any "risque" content; I was just on Cracked.com. I'm assuming this is because of a Java breach or something. I hate having to sacrifice the rest of my night today (and perhaps tomorrow) to this, but I guess I have to handle this now before it gets out of hand.

Near the end of the Avira quick scan, this popped up: TR/Small.FI

The scan is over, and the warnings are still popping up. The only way I can keep them at bay is to hit "Details" and just not reply to them at all. That has to be a bad tactic. BTW, I get home from work at around 6 PM eastern time and go to bed around 11. If any of you are kind enough to help me, please know that it'll be around those times that I can respond to your queries for more information besides what I'm about to give.

Computer info (in case it's important)
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel® Pentium® 4 CPU 3.00GHz, x86 Family 15 Model 4 Stepping 1
Processor Count: 2
RAM: 3062 Mb
Graphics Card: Intel® 82915G/GV/910GL Express Chipset Family, 128 Mb
Hard Drives: C: Total - 35055 MB, Free - 11819 MB; D: Total - 305242 MB, Free - 155532 MB;
Motherboard: Dell Inc. , 0M3918, , ..CN708214B5049M.
Antivirus: Avira Desktop, Updated: Yes, On-Demand Scanner: Enabled

OTL Log:
NOTE: OTL Log was run with these directives in the custom scan box:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

OTL.txt:
OTL logfile created on: 6/19/2012 7:33:15 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = D:\Shared Media\@New Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 42.47% Memory free
4.83 Gb Paging File | 2.96 Gb Available in Paging File | 61.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.23 Gb Total Space | 11.35 Gb Free Space | 33.17% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 151.89 Gb Free Space | 50.95% Space Free | Partition Type: NTFS
Drive E: | 672.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIEL-9BE473FF | User Name: Daniel Hopkins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/19 19:04:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Shared Media\@New Downloads\OTL.exe
PRC - [2012/06/19 17:59:44 | 000,172,544 | -H-- | M] (Sun) -- C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE
PRC - [2012/06/18 00:58:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/08 20:58:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 20:58:43 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2012/05/08 20:58:43 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012/05/08 20:58:43 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 20:58:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 20:58:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/08/14 12:14:51 | 001,122,304 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/12 11:46:16 | 001,060,937 | ---- | M] () -- C:\Program Files\Belvedere\Belvedere.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
PRC - [2008/08/05 23:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/28 08:49:02 | 000,238,080 | ---- | M] () -- C:\Program Files\AutoHotkey\AutoHotkey.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 18:24:55 | 000,055,808 | -H-- | M] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\ntuser.dat
MOD - [2012/06/18 00:58:41 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 21:05:41 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/05/08 20:58:44 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/14 12:14:50 | 000,049,152 | ---- | M] () -- C:\Program Files\stickies\shook70.dll
MOD - [2010/02/12 11:46:16 | 001,060,937 | ---- | M] () -- C:\Program Files\Belvedere\Belvedere.exe
MOD - [2009/11/03 20:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
MOD - [2008/08/05 23:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2008/08/05 23:16:18 | 000,061,440 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll
MOD - [2008/08/05 23:16:12 | 000,098,304 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll
MOD - [2008/08/05 23:16:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll
MOD - [2008/08/05 23:15:52 | 000,053,248 | ---- | M] () -- C:\Program Files\Launchy\platform_win.dll
MOD - [2008/08/05 23:15:38 | 000,021,504 | ---- | M] () -- C:\Program Files\Launchy\plugins\gcalc.dll
MOD - [2008/05/24 16:31:20 | 007,061,504 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll
MOD - [2008/05/24 16:20:32 | 000,561,152 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll
MOD - [2008/05/24 16:19:38 | 001,961,984 | ---- | M] () -- C:\Program Files\Launchy\QtCore4.dll
MOD - [2007/08/28 08:49:02 | 000,238,080 | ---- | M] () -- C:\Program Files\AutoHotkey\AutoHotkey.exe
MOD - [2004/03/29 12:45:52 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/18 00:58:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/08 20:58:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 20:58:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2004/03/16 16:33:24 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\system32\dlbtcoms.exe -- (dlbt_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ahjc99w0)
DRV - [2012/05/08 20:58:44 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 20:58:44 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/02/25 22:16:50 | 000,026,192 | ---- | M] (Atola) [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk.sys -- (SliceDisk5)
DRV - [2010/10/18 20:48:03 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/30 18:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 18:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/04/03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/12/08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/03/22 13:24:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2052111302-616249376-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKU\S-1-5-21-2052111302-616249376-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2052111302-616249376-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2052111302-616249376-725345543-1004\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-atty
IE - HKU\S-1-5-21-2052111302-616249376-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-616249376-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.f804.mail....d=b&[email protected]@Bulk | mail.umflint.edu | https://mail.google....l/?shva=1#inbox | http://www.scholarsh.../showLogin.htx"
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {9A752782-D706-479b-98F8-3F66BF921692}:8.1
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {268ad77e-cff8-42d7-b479-da60a7b93305}:1.6.9
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.98.20110322
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.2011051101
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.6
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.1
FF - prefs.js..extensions.enabledItems: {6072cb90-a0bd-11da-a746-0800200c9a66}:2011.03.24
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.91
FF - prefs.js..extensions.enabledItems: [email protected]:2.100910.18
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/28 21:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/28 21:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/27 12:43:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 00:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/01 01:57:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/27 12:43:49 | 000,000,000 | ---D | M]

[2010/07/11 15:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Extensions
[2012/06/19 18:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions
[2010/07/11 15:31:59 | 000,000,000 | ---D | M] (Groowe Search Toolbar) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\{268ad77e-cff8-42d7-b479-da60a7b93305}
[2012/06/12 19:43:22 | 000,000,000 | ---D | M] (GameFOX) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/06/30 07:12:56 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012/04/26 22:14:35 | 000,000,000 | ---D | M] (Liquid Words) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2010/08/30 13:22:20 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012/02/18 14:37:16 | 000,000,000 | ---D | M] (BYTubeD - Bulk (Batch) YouTube video Downloader) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\[email protected]
[2012/05/04 19:28:43 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\[email protected]
[2010/07/11 15:32:24 | 000,004,440 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\searchplugins\hyperwords.xml
[2012/04/03 17:37:42 | 000,002,888 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\searchplugins\liquid-words.xml
[2012/02/14 00:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/03 20:03:07 | 000,439,720 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2012/05/31 21:12:23 | 000,505,801 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/05/26 22:56:50 | 000,336,363 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/09/25 20:27:20 | 000,067,870 | R--- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{35106BCA-6C78-48C7-AC28-56DF30B51D2A}.XPI
[2012/05/01 21:43:31 | 000,097,169 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/01/09 11:07:38 | 000,275,540 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012/06/19 18:39:17 | 000,377,145 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/06 12:42:35 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/20 21:05:23 | 000,697,058 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/02/11 23:19:41 | 000,709,293 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/07/10 22:46:16 | 000,024,057 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2012/02/28 21:28:46 | 000,094,025 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2012/04/21 10:55:56 | 000,052,174 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2011/08/26 02:53:55 | 000,044,000 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2012/03/31 00:24:27 | 000,010,330 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2011/12/27 10:27:46 | 000,195,719 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2012/06/08 21:06:31 | 000,045,301 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2011/12/30 17:15:28 | 000,038,604 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2012/06/18 00:58:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/06/18 00:58:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 00:58:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: DivX HiQ = C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2011/03/07 03:43:50 | 000,000,759 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKU\S-1-5-21-2052111302-616249376-725345543-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2052111302-616249376-725345543-1004..\Run: [Microsoft Firewall 2.9] C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE (Sun)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belvedere.lnk = C:\Program Files\Belvedere\Belvedere.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to Main Script.ahk.lnk = D:\Shared Media\Programming\Scripts\Main Script.ahk ()
O4 - Startup: C:\Documents and Settings\Daniel Hopkins\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-616249376-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1278876020469 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35D46BEB-D142-466D-A91E-CD77E9FC6269}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/11 03:42:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/05 17:49:18 | 000,000,038 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/09/29 17:40:32 | 000,383,760 | R--- | M] (Hewlett-Packard Development Company, L.P.) - E:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 18:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/19 18:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/19 18:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Oracle
[2012/06/19 18:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/19 17:59:45 | 000,172,544 | -H-- | C] (Sun) -- C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE
[2012/06/14 21:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\My Documents\Calibre Library
[2012/06/07 21:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Apple Computer
[2012/06/07 21:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/07 21:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/07 21:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/07 21:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/07 21:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Apple
[2012/06/07 21:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/07 21:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/06/07 21:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/07 21:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/07 21:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/06/07 18:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\My Documents\My Received Podcasts
[2012/06/07 18:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\Application Data\iPodder
[2012/06/07 18:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Juice
[2012/06/07 18:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\Start Menu\Programs\Juice
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Daniel Hopkins\Application Data\*.tmp files -> C:\Documents and Settings\Daniel Hopkins\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/19 18:57:02 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/19 18:24:51 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/19 18:24:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/19 17:59:44 | 000,172,544 | -H-- | M] (Sun) -- C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE
[2012/06/14 21:00:53 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 19:43:21 | 000,695,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 19:43:21 | 000,160,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 19:36:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 20:25:50 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/09 14:38:17 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to wildren.exe.lnk
[2012/06/08 23:51:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/07 21:51:17 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/07 18:06:58 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Desktop\Juice.lnk
[2012/05/26 00:07:08 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/26 00:07:08 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Daniel Hopkins\Application Data\*.tmp files -> C:\Documents and Settings\Daniel Hopkins\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/19 19:37:44 | 000,018,944 | ---- | C] () -- C:\WINDOWS\Installer\{9fe50f65-0102-0c92-e224-2f54f3340288}\U\[email protected]
[2012/06/19 19:37:11 | 000,001,648 | ---- | C] () -- C:\WINDOWS\Installer\{9fe50f65-0102-0c92-e224-2f54f3340288}\U\[email protected]
[2012/06/09 14:38:17 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to wildren.exe.lnk
[2012/06/08 20:48:00 | 000,224,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/07 21:51:17 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/07 21:48:07 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/06/07 18:06:55 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Desktop\Juice.lnk
[2012/05/26 00:07:08 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/04/03 19:16:54 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-1XyB5BEHbzJnOar
[2012/04/03 19:16:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-1XyB5BEHbzJnOa
[2012/04/03 19:16:47 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1XyB5BEHbzJnOa
[2012/02/16 02:07:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/19 19:41:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/27 20:54:45 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/10/27 12:27:31 | 000,205,175 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2011/10/27 12:27:30 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2011/08/16 14:43:01 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/08/16 14:43:00 | 002,469,248 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/08/16 14:43:00 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/08/16 14:43:00 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/08/16 14:43:00 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/05/19 18:48:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\PUTTY.RND
[2011/05/15 16:53:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/10/18 22:29:26 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/30 13:25:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ExplorerXP.INI
[2010/08/03 03:11:59 | 002,206,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2052111302-616249376-725345543-1004-0.dat
[2010/08/03 03:11:58 | 000,272,966 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/07/11 15:29:04 | 000,005,774 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\nig14.tmp.bat
[2010/07/11 15:09:26 | 000,005,774 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\nig4C.tmp.bat
[2010/07/11 15:07:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/07/11 15:05:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/11 05:41:27 | 000,000,576 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/07/11 05:41:11 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2010/07/11 05:41:11 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2010/07/11 05:38:41 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2010/07/11 05:38:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2010/07/11 05:38:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2010/07/11 05:38:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2010/07/11 05:38:33 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2010/07/11 05:38:27 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2010/07/11 05:07:40 | 000,061,208 | ---- | C] () -- C:\WINDOWS\System32\MPEG4E-uninstall.exe
[2010/07/11 04:36:03 | 000,155,648 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/11 04:02:11 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\DVEMODEM.DAT
[2010/07/11 04:01:28 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2010/07/11 03:44:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/11 03:39:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/10 20:31:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/10 20:30:29 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 10:02:34 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{9fe50f65-0102-0c92-e224-2f54f3340288}\@
[2004/08/12 10:02:34 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\{9fe50f65-0102-0c92-e224-2f54f3340288}\@

========== LOP Check ==========

[2010/10/18 20:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/07/03 22:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/07/11 05:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoConverter
[2012/06/07 21:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/09 18:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
[2010/09/14 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Amazon
[2012/02/14 00:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Appetizer
[2011/10/29 02:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\avidemux
[2012/06/14 21:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\calibre
[2010/10/18 22:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\DAEMON Tools Lite
[2012/02/05 00:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Flamebrain Technologies Inc
[2011/09/15 16:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\GetRight
[2012/06/07 18:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\iPodder
[2010/07/11 04:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Launchy
[2010/12/28 21:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Local
[2012/06/09 04:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mipony
[2012/06/19 06:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mp3tag
[2010/09/17 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Notepad++
[2012/06/19 18:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Oracle
[2010/07/13 18:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Program Files
[2012/03/27 19:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Shareaza
[2012/02/09 18:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Stardock
[2012/06/19 18:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\stickies
[2012/04/21 13:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\SystemRequirementsLab
[2012/01/10 20:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\TeamViewer
[2012/05/27 01:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\uTorrent
[2010/08/04 03:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\XMind

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/12 09:57:20 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2004/08/12 10:05:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/12 10:05:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2010/07/11 03:42:57 | 000,001,602 | ---- | M] () MD5=AF921644E24CA2F0FDAE984B3214849A -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
[2010/07/11 03:42:57 | 000,001,602 | ---- | M] () MD5=AF921644E24CA2F0FDAE984B3214849A -- C:\Documents and Settings\Daniel Hopkins\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/12 10:05:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/12 10:06:49 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2012/01/31 13:13:46 | 000,182,856 | ---- | M] () MD5=9F37B15F56C3D248CD299D34BCB2CEFA -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/12 10:08:07 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/12 10:09:30 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/31 13:13:46 | 000,182,856 | ---- | M] () MD5=9F37B15F56C3D248CD299D34BCB2CEFA -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Daniel Hopkins\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Daniel Hopkins\Desktop\ICDL:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Daniel Hopkins\Desktop\DL:Shareaza.GUID

< End of report >

Extras.Txt:
OTL Extras logfile created on: 6/19/2012 7:33:15 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = D:\Shared Media\@New Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 42.47% Memory free
4.83 Gb Paging File | 2.96 Gb Available in Paging File | 61.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.23 Gb Total Space | 11.35 Gb Free Space | 33.17% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 151.89 Gb Free Space | 50.95% Space Free | Partition Type: NTFS
Drive E: | 672.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIEL-9BE473FF | User Name: Daniel Hopkins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2052111302-616249376-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [PotPlayer.Enqueue] -- "C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" "%1" /Add ()
Directory [PotPlayer.Play] -- "C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1574CBD4-1656-420c-B553-E16F01E74C0F}" = Free Launch Bar
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31C44235-A613-4E95-B297-207BF6C6A8C1}" = Creative ZEN Vision M Series
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D428AB95-35B2-4868-B656-5C316E25EC69}" = Microsoft SQL Server 2008 Database Engine Services
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DF781E6F-BF29-4340-BEFB-09F7511B424D}" = Microsoft SQL Server 2008 Database Engine Services
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AutoHotkey" = AutoHotkey 1.0.47.04
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Belvedere" = Belvedere 0.5
"Captcha.trader Mipony Plugin" = Captcha.trader Mipony Plugin 1.0
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Defraggler" = Defraggler
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DivX Setup.divx.com" = DivX Setup
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.0.0 Home Edition
"Eraser_is1" = Eraser
"Everything" = Everything 1.2.1.371
"ExplorerXP" = ExplorerXP (remove only)
"Fences" = Fences
"Find and Mount_is1" = Find and Mount 2.32
"FormatFactory" = FormatFactory 2.70
"Free Video Converter_is1" = Free Video Converter V 1.2
"GetRight_is1" = GetRight
"Google Chrome" = Google Chrome
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Juice" = Juice 2.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Standard)
"Launchy_21344213_is1" = Launchy 2.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MiPony" = MiPony 1.6.1
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
"Notepad++" = Notepad++
"PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer
"PotPlayer" = Daum PotPlayer 1.5.31934
"Privoxy" = Privoxy 3.0.6
"PROSet" = Intel® PRO Network Adapters and Drivers
"PS3 Media Server" = PS3 Media Server
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Revo Uninstaller" = Revo Uninstaller 1.93
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Shop for HP Supplies" = Shop for HP Supplies
"SolveigMM AVI Trimmer 2.0.1201.11" = SolveigMM AVI Trimmer
"SyncBack_is1" = SyncBack
"SysInfo" = Creative System Information
"TheSage" = TheSage
"Tor" = Tor 0.2.1.19
"ULTIMATER" = Microsoft Office Ultimate 2007
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.1.15
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XMind" = XMind
"xplorer2l" = xplorer² lite
"ZhornStickies" = Stickies 7.1a

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052111302-616249376-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2012 5:46:47 PM | Computer Name = DANIEL-9BE473FF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38399297

Error - 6/19/2012 5:46:47 PM | Computer Name = DANIEL-9BE473FF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38399297

Error - 6/19/2012 5:46:52 PM | Computer Name = DANIEL-9BE473FF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/19/2012 5:46:52 PM | Computer Name = DANIEL-9BE473FF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38404406

Error - 6/19/2012 5:46:52 PM | Computer Name = DANIEL-9BE473FF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38404406

Error - 6/19/2012 5:46:57 PM | Computer Name = DANIEL-9BE473FF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/19/2012 5:46:57 PM | Computer Name = DANIEL-9BE473FF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38409515

Error - 6/19/2012 5:46:57 PM | Computer Name = DANIEL-9BE473FF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38409515

Error - 6/19/2012 6:32:31 PM | Computer Name = DANIEL-9BE473FF | Source = Ci | ID = 4124
Description = Content index on d:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 6/19/2012 6:32:31 PM | Computer Name = DANIEL-9BE473FF | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on d:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

[ System Events ]
Error - 5/29/2012 10:59:05 PM | Computer Name = DANIEL-9BE473FF | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/29/2012 10:59:05 PM | Computer Name = DANIEL-9BE473FF | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/31/2012 6:40:49 PM | Computer Name = DANIEL-9BE473FF | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.64 on
the Network Card with network address 0011119E90C8.

Error - 6/2/2012 11:15:41 AM | Computer Name = DANIEL-9BE473FF | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.64 on
the Network Card with network address 0011119E90C8.

Error - 6/3/2012 10:01:05 PM | Computer Name = DANIEL-9BE473FF | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.64 on
the Network Card with network address 0011119E90C8.

Error - 6/4/2012 10:40:57 PM | Computer Name = DANIEL-9BE473FF | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.64 on
the Network Card with network address 0011119E90C8.

Error - 6/14/2012 8:58:33 PM | Computer Name = DANIEL-9BE473FF | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.64 on
the Network Card with network address 0011119E90C8.

Error - 6/15/2012 9:51:43 PM | Computer Name = DANIEL-9BE473FF | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.64 on
the Network Card with network address 0011119E90C8.

Error - 6/17/2012 6:30:54 AM | Computer Name = DANIEL-9BE473FF | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.64 on
the Network Card with network address 0011119E90C8.

Error - 6/19/2012 6:26:48 PM | Computer Name = DANIEL-9BE473FF | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060


< End of report >

Edited by axeman61, 19 June 2012 - 08:32 PM.

  • 0



#2
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hello axeman61 and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I would like you to run another scan for me to check your MBR while I look over these logs.

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the [Scan] button to start scan

On completion of the scan click [Save log], save it to your desktop and post in your next reply

In your next reply I would like to see:
  • aswMBR log

  • 0

#3
axeman61

    Member

  • Topic Starter
  • Member
  • 27 posts
aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-20 22:51:21
-----------------------------
22:51:21.171 OS Version: Windows 5.1.2600 Service Pack 3
22:51:21.171 Number of processors: 2 586 0x401
22:51:21.171 ComputerName: DANIEL-9BE473FF UserName: Daniel Hopkins
22:51:21.781 Initialize success
22:55:22.828 AVAST engine defs: 12062001
22:56:16.828 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
22:56:16.828 Disk 0 Vendor: WDC_WD3200JB-00KFA0 08.05J08 Size: 305245MB BusType: 3
22:56:16.828 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
22:56:16.828 Disk 1 Vendor: WDC_WD400BD-75JMA0 05.01C05 Size: 38146MB BusType: 3
22:56:16.843 Disk 1 MBR read successfully
22:56:16.859 Disk 1 MBR scan
22:56:16.890 Disk 1 Windows XP default MBR code
22:56:16.921 Disk 1 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
22:56:17.109 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 35055 MB offset 96390
22:56:17.187 Disk 1 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3035 MB offset 71890875
22:56:17.234 Disk 1 scanning sectors +78108030
22:56:17.437 Disk 1 scanning C:\WINDOWS\system32\drivers
22:56:58.609 Service scanning
22:57:33.859 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:57:40.437 Modules scanning
22:58:21.796 Disk 1 trace - called modules:
22:58:21.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spqv.sys hal.dll >>UNKNOWN [0x8a4ea938]<<
22:58:21.828 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a47eab8]
22:58:21.828 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a47fb00]
22:58:22.187 AVAST engine scan C:\WINDOWS
22:58:58.218 AVAST engine scan C:\WINDOWS\system32
23:17:50.906 AVAST engine scan C:\WINDOWS\system32\drivers
23:19:13.031 AVAST engine scan C:\Documents and Settings\Daniel Hopkins
23:53:08.203 AVAST engine scan C:\Documents and Settings\All Users
23:57:58.218 Scan finished successfully
02:37:33.734 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Daniel Hopkins\Desktop\MBR.dat"
02:37:33.812 The log file has been saved successfully to "C:\Documents and Settings\Daniel Hopkins\Desktop\aswMBR.txt"
  • 0

#4
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hello Axeman61,

While researching your log files, I noticed that you also posted for help here. While I do appreciate that you need to get your issue fixed, please don't do this, as it wastes at least one helper's time.
Please decide if you want to continue here or wait for help at the other forum(s), and let me know what you want to do.

Thank you
  • 0

#5
axeman61

    Member

  • Topic Starter
  • Member
  • 27 posts
Continue here.

BTW, a new warning popped up in Avira for TR/Nedsym.G.133 just now after a reboot (Avira said it needed to reboot for an update).

And another one popped up that I don't even remember. It was from the Sirefef family; I think it was p550.

This problem requires serious help. It's looking like the initial viruses are holding the door open for other ones. I can still browse the internet and stuff like I used to be able to (Avira's blocking complete saturation), but I don't want to log into any "sensitive" site.

Edited by axeman61, 21 June 2012 - 07:19 PM.

  • 0

#6
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi Axeman,

I am going to have a fix for you in a little while, but in the meantime, I would suggest that you use the computer sparingly if you can.

Also, when you edit your post, I don't get a notification. So if you need to get my attention, just make a new post, and I will know that you did so.

I will post back with a fix as soon as I can.
  • 0

#7
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi axeman,

If you can, would you please request that your other thread be closed.
You have a few trojans on there, Avast is not kidding!

I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • UTorrent
  • Shareaza
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend
that you remove these programs from your computer.
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

Your Internet Explorer is out of date, as is your Java, but we will get to that after we clear the infection.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ahjc99w0)
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    O4 - HKU\S-1-5-21-2052111302-616249376-725345543-1004..\Run: [Microsoft Firewall 2.9] C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE (Sun)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    [2012/06/19 17:59:45 | 000,172,544 | -H-- | C] (Sun) -- C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE
    [2012/06/19 19:37:44 | 000,018,944 | ---- | C] () -- C:\WINDOWS\Installer\{9fe50f65-0102-0c92-e224-2f54f3340288}\U\[email protected]
    [2012/06/19 19:37:11 | 000,001,648 | ---- | C] () -- C:\WINDOWS\Installer\{9fe50f65-0102-0c92-e224-2f54f3340288}\U\[email protected]
    [2012/04/03 19:16:54 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-1XyB5BEHbzJnOar
    [2012/04/03 19:16:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-1XyB5BEHbzJnOa
    [2012/04/03 19:16:47 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1XyB5BEHbzJnOa
    :files
    C:\WINDOWS\Installer\{9fe50f65-0102-0c92-e224-2f54f3340288}
    C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\{9fe50f65-0102-0c92-e224-2f54f3340288}
    :commands
    [resethosts]
    [emptytemp]
    [reboot]
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2
Please download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    netsvcs
    /md5start
    consrv.dll
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the log it produces in your next reply.

In your next reply I would like to see:
  • OTL fix log
  • ComboFix log
  • MalwareBytes log
  • OTL custom scan log
  • how is the computer doing now?

  • 0
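Added example, not part of the original thread and not OTL's own code: a small Python triage script that parses OTL file-listing and O4 autorun lines and flags the location patterns shared by the entries in the fix script above, merging findings for the same path across lines. The sample lines are constructed from entries in the thread, with the user name, SID and one obscured file name replaced by placeholders; the finding labels and function names are this example's own.

```python
import re

# OTL file entry: [date time | size | attributes | C(reated)/M(odified)] (Company) -- path
# An optional three-letter section tag (PRC, MOD, ...) may precede it.
FILE_RE = re.compile(
    r"^(?:[A-Z]{3} - )?"
    r"\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL autorun entry: O4 - <hive>..\Run: [value name] <target path> (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)

# Location patterns taken from the entries the helper put in the fix script
# (Windows XP paths, as in the thread). They are triage leads, not verdicts.
APPDATA_ROOT_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\Application Data\\[^\\]+$", re.I
)
INSTALLER_U_RE = re.compile(r"\\WINDOWS\\Installer\\\{[0-9a-f-]{36}\}\\U\\", re.I)


def path_findings(path, attrs=""):
    """Return the list of location findings for one path (labels are this example's own)."""
    findings = []
    leaf = path.rsplit("\\", 1)[-1]
    if INSTALLER_U_RE.search(path):
        findings.append("installer-guid-U-dir")
    if APPDATA_ROOT_RE.search(path):
        # Only files sitting directly in the Application Data root are flagged;
        # programs normally keep their data in a vendor subfolder.
        if leaf.lower().endswith((".exe", ".dll", ".scr")):
            findings.append("executable-in-appdata-root")
        elif "." not in leaf:
            findings.append("extensionless-file-in-appdata-root")
    if "H" in attrs and findings:
        findings.append("hidden")
    return findings


def triage(log_text):
    """Map each flagged path (lower-cased) to its sorted findings.

    Findings from a file entry and an autorun entry that name the same path
    are merged, so a hidden executable that is also started from a Run key
    shows up as one item with both facts attached.
    """
    hits = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = FILE_RE.match(line)
        if match:
            found = path_findings(match["path"], match["attrs"])
        else:
            match = RUN_RE.match(line)
            if not match:
                continue  # service lines, headers and other sections are skipped
            found = path_findings(match["path"])
            if found:
                found.append("autorun")
        if found:
            hits.setdefault(match["path"].lower(), set()).update(found)
    return {path: sorted(found) for path, found in hits.items()}


# Constructed sample: modelled on lines in the thread; "User", the SID and
# "PLACEHOLDER" are stand-ins, not values from the original log.
SAMPLE = r"""
PRC - [2012/05/08 20:58:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/12 11:46:16 | 001,060,937 | ---- | M] () -- C:\Program Files\Belvedere\Belvedere.exe
O4 - HKU\S-1-5-21-0-0-0-1004..\Run: [Microsoft Firewall 2.9] C:\Documents and Settings\User\Application Data\WMPRWISE.EXE (Sun)
[2012/06/19 17:59:45 | 000,172,544 | -H-- | C] (Sun) -- C:\Documents and Settings\User\Application Data\WMPRWISE.EXE
[2012/06/19 19:37:44 | 000,018,944 | ---- | C] () -- C:\WINDOWS\Installer\{9fe50f65-0102-0c92-e224-2f54f3340288}\U\PLACEHOLDER
[2012/04/03 19:16:54 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-1XyB5BEHbzJnOar
"""

if __name__ == "__main__":
    for path, found in triage(SAMPLE).items():
        print(f"{', '.join(found):55} {path}")
```

A missing company name alone is not flagged: the Belvedere line has an empty company field and sits in Program Files, so it passes.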

#8
axeman61

    Member

  • Topic Starter
  • Member
  • 27 posts
OTL custom scan Log
OTL logfile created on: 6/22/2012 9:27:13 PM - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = D:\Shared Media\@New Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 68.00% Memory free
4.83 Gb Paging File | 3.85 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.23 Gb Total Space | 13.10 Gb Free Space | 38.25% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 157.62 Gb Free Space | 52.88% Space Free | Partition Type: NTFS
Drive E: | 672.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIEL-9BE473FF | User Name: Daniel Hopkins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/19 19:04:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Shared Media\@New Downloads\OTL.exe
PRC - [2012/06/18 00:58:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/08 20:58:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 20:58:43 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 20:58:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 20:58:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/12 11:46:16 | 001,060,937 | ---- | M] () -- C:\Program Files\Belvedere\Belvedere.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
PRC - [2008/08/05 23:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/28 08:49:02 | 000,238,080 | ---- | M] () -- C:\Program Files\AutoHotkey\AutoHotkey.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/18 00:58:41 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 21:05:41 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/05/08 20:58:44 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/12 11:46:16 | 001,060,937 | ---- | M] () -- C:\Program Files\Belvedere\Belvedere.exe
MOD - [2009/11/03 20:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
MOD - [2008/08/05 23:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2008/08/05 23:16:18 | 000,061,440 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll
MOD - [2008/08/05 23:16:12 | 000,098,304 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll
MOD - [2008/08/05 23:16:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll
MOD - [2008/08/05 23:15:52 | 000,053,248 | ---- | M] () -- C:\Program Files\Launchy\platform_win.dll
MOD - [2008/08/05 23:15:38 | 000,021,504 | ---- | M] () -- C:\Program Files\Launchy\plugins\gcalc.dll
MOD - [2008/05/24 16:31:20 | 007,061,504 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll
MOD - [2008/05/24 16:20:32 | 000,561,152 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll
MOD - [2008/05/24 16:19:38 | 001,961,984 | ---- | M] () -- C:\Program Files\Launchy\QtCore4.dll
MOD - [2007/08/28 08:49:02 | 000,238,080 | ---- | M] () -- C:\Program Files\AutoHotkey\AutoHotkey.exe
MOD - [2004/03/29 12:45:52 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/18 00:58:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/08 20:58:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 20:58:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2004/03/16 16:33:24 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\system32\dlbtcoms.exe -- (dlbt_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (av88k3i7)
DRV - [2012/05/08 20:58:44 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 20:58:44 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/02/25 22:16:50 | 000,026,192 | ---- | M] (Atola) [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk.sys -- (SliceDisk5)
DRV - [2010/10/18 20:48:03 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/30 18:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 18:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/04/03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/12/08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/03/22 13:24:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-atty
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.f804.mail....d=b&[email protected]@Bulk | mail.umflint.edu | https://mail.google....l/?shva=1#inbox | http://www.scholarsh.../showLogin.htx"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/28 21:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/28 21:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/27 12:43:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 00:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/01 01:57:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/27 12:43:49 | 000,000,000 | ---D | M]

[2010/07/11 15:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Extensions
[2012/06/22 21:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions
[2010/07/11 15:31:59 | 000,000,000 | ---D | M] (Groowe Search Toolbar) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\{268ad77e-cff8-42d7-b479-da60a7b93305}
[2012/06/12 19:43:22 | 000,000,000 | ---D | M] (GameFOX) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/06/30 07:12:56 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012/04/26 22:14:35 | 000,000,000 | ---D | M] (Liquid Words) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2010/08/30 13:22:20 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012/02/18 14:37:16 | 000,000,000 | ---D | M] (BYTubeD - Bulk (Batch) YouTube video Downloader) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\[email protected]
[2012/05/04 19:28:43 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\extensions\[email protected]
[2010/07/11 15:32:24 | 000,004,440 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\searchplugins\hyperwords.xml
[2012/04/03 17:37:42 | 000,002,888 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\searchplugins\liquid-words.xml
[2012/02/14 00:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/03 20:03:07 | 000,439,720 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2012/05/31 21:12:23 | 000,505,801 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/05/26 22:56:50 | 000,336,363 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/09/25 20:27:20 | 000,067,870 | R--- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{35106BCA-6C78-48C7-AC28-56DF30B51D2A}.XPI
[2012/05/01 21:43:31 | 000,097,169 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/01/09 11:07:38 | 000,275,540 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012/06/19 18:39:17 | 000,377,145 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/06 12:42:35 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/20 21:05:23 | 000,697,058 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/02/11 23:19:41 | 000,709,293 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/07/10 22:46:16 | 000,024,057 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2012/02/28 21:28:46 | 000,094,025 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2012/04/21 10:55:56 | 000,052,174 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2011/08/26 02:53:55 | 000,044,000 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2012/03/31 00:24:27 | 000,010,330 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2011/12/27 10:27:46 | 000,195,719 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2012/06/08 21:06:31 | 000,045,301 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\MEMORYRESTART[email protected]
[2011/12/30 17:15:28 | 000,038,604 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL HOPKINS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ULVSJGJP.DEFAULT\EXTENSIONS\[email protected]
[2012/06/18 00:58:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/06/18 00:58:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 00:58:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: DivX HiQ = C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2012/06/22 20:36:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belvedere.lnk = C:\Program Files\Belvedere\Belvedere.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to Main Script.ahk.lnk = D:\Shared Media\Programming\Scripts\Main Script.ahk ()
O4 - Startup: C:\Documents and Settings\Daniel Hopkins\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1278876020469 (WUWebControl Class)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35D46BEB-D142-466D-A91E-CD77E9FC6269}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/11 03:42:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/05 17:49:18 | 000,000,038 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/09/29 17:40:32 | 000,383,760 | R--- | M] (Hewlett-Packard Development Company, L.P.) - E:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 20:25:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/22 20:24:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/22 20:24:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/22 20:24:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/22 20:24:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/22 20:24:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 20:23:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/22 20:22:20 | 004,565,264 | R--- | C] (Swearware) -- C:\Documents and Settings\Daniel Hopkins\Desktop\ComboFix.exe
[2012/06/20 22:50:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Daniel Hopkins\Desktop\aswMBR.exe
[2012/06/20 19:01:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Daniel Hopkins\Desktop\dds.com
[2012/06/20 18:59:08 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Daniel Hopkins\Desktop\HijackThis.exe
[2012/06/19 18:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/19 18:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/19 18:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Oracle
[2012/06/19 18:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/14 21:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\My Documents\Calibre Library
[2012/06/07 21:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Apple Computer
[2012/06/07 21:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/07 21:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/07 21:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/07 21:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/07 21:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\Apple
[2012/06/07 21:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/06/07 21:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/06/07 21:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/07 21:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/07 21:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/06/07 18:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\My Documents\My Received Podcasts
[2012/06/07 18:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\Application Data\iPodder
[2012/06/07 18:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Juice
[2012/06/07 18:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Hopkins\Start Menu\Programs\Juice

========== Files - Modified Within 30 Days ==========

[2012/06/22 20:57:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 20:36:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/22 20:36:53 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 20:36:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/22 20:26:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/22 20:22:18 | 004,565,264 | R--- | M] (Swearware) -- C:\Documents and Settings\Daniel Hopkins\Desktop\ComboFix.exe
[2012/06/21 02:37:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Desktop\MBR.dat
[2012/06/20 22:51:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Daniel Hopkins\Desktop\aswMBR.exe
[2012/06/20 19:04:58 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Desktop\2wu1fjnu.exe
[2012/06/20 19:01:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Daniel Hopkins\Desktop\dds.com
[2012/06/20 18:58:51 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Daniel Hopkins\Desktop\HijackThis.exe
[2012/06/19 20:32:31 | 000,159,232 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/19 19:45:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/19 19:45:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/19 19:44:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 21:00:53 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 19:43:21 | 000,695,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 19:43:21 | 000,160,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 19:36:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/09 14:38:17 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to wildren.exe.lnk
[2012/06/08 23:51:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/07 21:51:17 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/07 18:06:58 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Desktop\Juice.lnk
[2012/05/26 00:07:08 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/26 00:07:08 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk

========== Files Created - No Company Name ==========

[2012/06/22 20:26:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/22 20:25:59 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/22 20:24:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/22 20:24:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/22 20:24:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/22 20:24:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/22 20:24:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/21 02:37:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Desktop\MBR.dat
[2012/06/20 19:05:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Desktop\2wu1fjnu.exe
[2012/06/19 19:45:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/19 19:45:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 14:38:17 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to wildren.exe.lnk
[2012/06/08 20:48:00 | 000,224,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/07 21:51:17 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/07 21:48:07 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/06/07 18:06:55 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Desktop\Juice.lnk
[2012/05/26 00:07:08 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/02/16 02:07:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/19 19:41:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/27 20:54:45 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/10/27 12:27:31 | 000,205,175 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2011/10/27 12:27:30 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2011/08/16 14:43:01 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/08/16 14:43:00 | 002,469,248 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/08/16 14:43:00 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/08/16 14:43:00 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/08/16 14:43:00 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/05/19 18:48:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\PUTTY.RND
[2011/05/15 16:53:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/10/18 22:29:26 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/30 13:25:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ExplorerXP.INI
[2010/08/03 03:11:59 | 002,206,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2052111302-616249376-725345543-1004-0.dat
[2010/08/03 03:11:58 | 000,272,966 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/07/11 15:29:04 | 000,005,774 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\nig14.tmp.bat
[2010/07/11 15:09:26 | 000,005,774 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Application Data\nig4C.tmp.bat
[2010/07/11 15:07:48 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/07/11 15:05:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/11 05:41:27 | 000,000,576 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/07/11 05:41:11 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2010/07/11 05:41:11 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2010/07/11 05:38:41 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2010/07/11 05:38:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2010/07/11 05:38:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2010/07/11 05:38:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2010/07/11 05:38:33 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2010/07/11 05:38:27 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2010/07/11 05:07:40 | 000,061,208 | ---- | C] () -- C:\WINDOWS\System32\MPEG4E-uninstall.exe
[2010/07/11 04:36:03 | 000,159,232 | ---- | C] () -- C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/11 04:02:11 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\DVEMODEM.DAT
[2010/07/11 04:01:28 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2010/07/11 03:44:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/11 03:39:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/10 20:31:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/10 20:30:29 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2010/10/18 20:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/07/03 22:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/07/11 05:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoConverter
[2012/06/07 21:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/09 18:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
[2010/09/14 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Amazon
[2012/02/14 00:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Appetizer
[2011/10/29 02:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\avidemux
[2012/06/14 21:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\calibre
[2010/10/18 22:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\DAEMON Tools Lite
[2012/02/05 00:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Flamebrain Technologies Inc
[2011/09/15 16:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\GetRight
[2012/06/07 18:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\iPodder
[2010/07/11 04:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Launchy
[2012/06/09 04:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mipony
[2012/06/19 06:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Mp3tag
[2010/09/17 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Notepad++
[2012/06/19 18:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Oracle
[2010/07/13 18:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Program Files
[2012/03/27 19:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Shareaza
[2012/02/09 18:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\Stardock
[2012/06/22 20:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\stickies
[2012/04/21 13:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\SystemRequirementsLab
[2012/01/10 20:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\TeamViewer
[2012/05/27 01:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\uTorrent
[2010/08/04 03:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Hopkins\Application Data\XMind

========== Purity Check ==========



========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/18 00:58:38 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/18 00:58:38 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/18 00:58:38 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/18 00:58:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/18 00:58:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/18 00:58:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/18 00:58:38 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/18 00:58:38 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/18 00:58:38 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/18 00:58:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/18 00:58:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/18 00:58:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction
[C:\windows\Microsoft.NET\assembly\GAC_MSIL\WcfSvcHost\v4.0_10.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_WcfSvcHost_31bf3856ad364e35_10.0.0.0_x-ww_8f8c98f0 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Daniel Hopkins\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Daniel Hopkins\Desktop\ICDL:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Daniel Hopkins\Desktop\DL:Shareaza.GUID

< End of report >

ComboFix Log
ComboFix 12-06-21.03 - Daniel Hopkins 06/22/2012 20:29:33.1.2 - x86
Running from: c:\documents and settings\Daniel Hopkins\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Daniel Hopkins\Application Data\Local
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(10).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(11).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(12).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(13).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(14).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(15).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(16).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(17).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(18).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(19).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(2).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(20).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(21).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(22).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(23).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(24).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(25).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(26).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(27).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(28).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(29).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(3).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(30).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(31).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(32).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(33).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(34).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(35).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(36).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(37).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(38).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(39).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(4).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(40).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(41).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(42).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(43).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(44).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(45).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(46).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(47).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(48).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(49).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(5).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(50).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(51).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(52).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(53).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(54).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(55).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(56).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(57).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(58).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(59).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(6).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(60).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(61).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(62).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(63).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(64).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(65).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(66).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(67).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(68).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(69).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(7).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(70).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(71).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(72).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(73).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(74).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(75).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(76).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(77).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(78).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(79).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(8).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(80).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(81).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(82).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(83).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(84).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(85).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(86).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(87).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(88).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(89).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(9).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(90).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(91).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(92).divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\xev7eerhtt56g.avi.ddp
c:\documents and settings\Daniel Hopkins\Application Data\Local\Temp\DDM\Settings\xev7eerhtt56g.avi.ddr
c:\documents and settings\Daniel Hopkins\Application Data\nig14.tmp
c:\documents and settings\Daniel Hopkins\Application Data\nig4C.tmp
c:\documents and settings\Daniel Hopkins\Application Data\ntuser.dat
c:\documents and settings\Daniel Hopkins\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Daniel Hopkins\Start Menu\Programs\SMART HDD\SMART HDD.lnk
c:\documents and settings\Daniel Hopkins\Start Menu\Programs\SMART HDD\Uninstall SMART HDD.lnk
C:\drvrtmp
C:\ipconfig.txt
c:\windows\EventSystem.log
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-19 22:21 . 2012-06-19 22:21 -------- d-----w- c:\program files\Common Files\Java
2012-06-19 22:20 . 2012-06-19 22:20 -------- d-----w- c:\program files\Oracle
2012-06-19 22:20 . 2012-06-19 22:20 -------- d-----w- c:\documents and settings\Daniel Hopkins\Application Data\Oracle
2012-06-18 04:58 . 2012-06-18 04:58 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-18 04:58 . 2012-06-18 04:58 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-08 01:51 . 2012-06-09 01:17 -------- d-----w- c:\documents and settings\Daniel Hopkins\Application Data\Apple Computer
2012-06-08 01:51 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-08 01:51 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-08 01:49 . 2012-06-08 01:49 -------- d-----w- c:\program files\iPod
2012-06-08 01:49 . 2012-06-08 01:51 -------- d-----w- c:\program files\iTunes
2012-06-08 01:49 . 2012-06-08 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-08 01:48 . 2012-06-08 01:48 -------- d-----w- c:\documents and settings\Daniel Hopkins\Local Settings\Application Data\Apple
2012-06-08 01:48 . 2012-06-08 01:48 -------- d-----w- c:\program files\Apple Software Update
2012-06-08 01:47 . 2012-06-08 01:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-06-08 01:47 . 2012-06-08 01:47 -------- d-----w- c:\program files\Bonjour
2012-06-08 01:46 . 2012-06-08 01:49 -------- d-----w- c:\program files\Common Files\Apple
2012-06-08 01:46 . 2012-06-08 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-06-07 22:07 . 2012-06-07 22:07 -------- d-----w- c:\documents and settings\Daniel Hopkins\Application Data\iPodder
2012-06-07 22:06 . 2012-06-07 22:08 -------- d-----w- c:\program files\Juice
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 01:05 . 2012-04-13 23:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-15 01:05 . 2011-12-09 19:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 19:19 . 2010-07-11 19:20 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-07-11 19:20 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2010-07-11 07:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2010-07-11 07:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-07-11 07:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2010-07-11 19:20 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2010-07-11 19:20 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2010-07-11 07:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2010-07-11 07:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-12 13:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2010-07-11 19:20 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-07-11 07:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-07-11 07:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-12 13:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2004-08-12 14:09 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-12 14:09 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 01:20 . 2012-05-11 01:20 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-09 00:58 . 2011-10-20 18:34 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 00:58 . 2011-10-20 18:34 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-04 23:29 . 2010-07-21 00:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 23:29 . 2012-01-30 03:53 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 23:29 . 2010-07-21 00:12 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16 . 2004-08-12 14:02 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-07-11 07:38 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:29 . 2011-03-24 03:36 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-04-20 19:29 . 2004-08-12 14:07 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 12:44 . 2004-08-12 13:57 369664 ----a-w- c:\windows\system32\html.iec
2012-04-04 19:56 . 2012-04-04 00:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-18 04:58 . 2011-06-12 17:57 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\Daniel Hopkins\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-7-11 1122304]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belvedere.lnk - c:\program files\Belvedere\Belvedere.exe [2010-2-12 1060937]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2010-7-11 286720]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
Shortcut to Main Script.ahk.lnk - d:\shared media\Programming\Scripts\Main Script.ahk [2011-7-8 762]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-06-12 21:32 700416 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
2004-06-18 15:30 290816 ----a-w- c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/18/2010 8:48 PM 691696]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/20/2011 2:34 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/20/2011 2:34 PM 86224]
R2 MSSQL$MYSERVER;SQL Server (MYSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MYSERVER\MSSQL\Binn\sqlservr.exe [4/3/2010 2:56 PM 42884448]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 2:01 AM 994360]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2011 2:29 AM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/16/2011 2:43 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/16/2011 2:43 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2011 2:29 AM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 7:23 PM 113120]
S3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk.sys [8/14/2011 3:45 PM 26192]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 9:24 PM 48128]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 2:56 PM 44896]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 12:02 PM 240608]
S4 SQLAgent$MYSERVER;SQL Server Agent (MYSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MYSERVER\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 2:56 PM 367456]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 06:29]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-05 06:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Daniel Hopkins\Application Data\Mozilla\Firefox\Profiles\ulvsjgjp.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://us.f804.mail.yahoo.com/ym/ShowFolder?rb=Inbox&reset=1&YY=15471&y5beta=yes&y5beta=yes&inc=200&order=down&sort=date&pos=0&view=a&head=b&box=%40B%40Bulk | mail.umflint.edu | https://mail.google....l/?shva=1#inbox | http://www.scholarsh...m/showLogin.htx
FF - user.js: general.useragent.extra.zencast -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Microsoft SQL Server 2008 R2 - c:\program files\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\SetupARP.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-22 20:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\msi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\AutoHotkey\AutoHotkey.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-06-22 20:45:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 00:45
.
Pre-Run: 14,124,851,200 bytes free
Post-Run: 14,073,180,160 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 896A89460D6BA67DF0B396168D6BECB4

MBAM Log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.22.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Daniel Hopkins :: DANIEL-9BE473FF [administrator]

6/22/2012 9:19:36 PM
mbam-log-2012-06-22 (21-19-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229046
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL Fix Log
All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Error: No service named ahjc99w0 was found to stop!
Service\Driver key ahjc99w0 not found.
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry value HKEY_USERS\S-1-5-21-2052111302-616249376-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Firewall 2.9 not found.
File C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\Documents and Settings\Daniel Hopkins\Application Data\WMPRWISE.EXE not found.
File C:\WINDOWS\Installer\{9fe50f65-0102-0c92-e224-2f54f3340288}\U\[email protected] not found.
File C:\WINDOWS\Installer\{9fe50f65-0102-0c92-e224-2f54f3340288}\U\[email protected] not found.
File C:\Documents and Settings\All Users\Application Data\-1XyB5BEHbzJnOar not found.
File C:\Documents and Settings\All Users\Application Data\-1XyB5BEHbzJnOa not found.
File C:\Documents and Settings\All Users\Application Data\1XyB5BEHbzJnOa not found.
========== FILES ==========
File\Folder C:\WINDOWS\Installer\{9fe50f65-0102-0c92-e224-2f54f3340288} not found.
File\Folder C:\Documents and Settings\Daniel Hopkins\Local Settings\Application Data\{9fe50f65-0102-0c92-e224-2f54f3340288} not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Daniel Hopkins
->Temp folder emptied: 236366237 bytes
->Temporary Internet Files folder emptied: 956953086 bytes
->Java cache emptied: 6681 bytes
->FireFox cache emptied: 58634153 bytes
->Google Chrome cache emptied: 100142720 bytes
->Flash cache emptied: 27983 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 44552 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3066683 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 388685715 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 758733121 bytes

Total Files Cleaned = 2,389.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06222012_201536

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Current computer status
My computer seems to be doing fine. Webpages load fast again, and I haven't been bugged yet by Avira about these threats in the hour my computer's been active.

#9
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Proposed fix:
Good job Axeman!

Step 1
Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply I would like to see:
  • Malwarebytes log
  • ESET log
  • computer still ok? Any problems?


#10
axeman61

    Member

  • Topic Starter
  • Member
  • 27 posts
You were NOT playing about the several hours with this ESET. I closed out of it twice thinking I made it stall, and when I finally was able to leave it alone, it ran 10 hours.

Something weird happened. When ESET was running, the Avira warning for TR/ATRAPS.Gen2 popped up. It happened on the two "stalls" and on the good run. However, it always happened at around an hour into the ESET scan. Perhaps ESET trying to scan a file set off Avira? I don't know. I'm just hoping I wasn't supposed to have Avira on while ESET was running. I can't take another half day. At the end of the ESET Scan, I hit "details" on the Avira warning, and moved the file into quarantine. Still getting no warning popups other than that. I had the computer on for a while before I even started running ESET. I haven't gotten any since. Things are still working great, but I'm still cautious about logging into those sensitive sites I was talking about (such as online banking).

MBAM Log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Daniel Hopkins :: DANIEL-9BE473FF [administrator]

6/23/2012 7:50:55 PM
mbam-log-2012-06-23 (19-50-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229435
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Log
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c13e9c43f4d42247971b36529f57e7b7
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-24 12:11:41
# local_time=2012-06-23 08:11:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777175 100 0 20439185 20439185 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=638
# found=0
# cleaned=0
# scan_time=228
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c13e9c43f4d42247971b36529f57e7b7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-24 01:47:43
# local_time=2012-06-24 09:47:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777175 100 0 20453645 20453645 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88388
# found=4
# cleaned=4
# scan_time=34729
D:\Shared Media\Software\Archives - Software\evid4226patch223d-en.zip Win32/Tool.EvID4226 application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Shared Media\Software\Archives - Software\FFSetup220.zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Shared Media\Software\Software - Audio and Video\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Shared Media\Software\Software - File Management\cnet2_Unlocker1_9_1_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#11
axeman61

    Member

  • Topic Starter
  • Member
  • 27 posts
Here's another MBAM log I ran after the Avira Quarantine.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Daniel Hopkins :: DANIEL-9BE473FF [administrator]

6/24/2012 10:29:36 AM
mbam-log-2012-06-24 (10-29-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229486
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hello Axeman,
Great job so far. If you had disabled Avira before you did the ESET scan, it would not have popped up that alert, and the scan would probably have run somewhat faster, but no harm done, other than taking forever!

Your Internet Explorer is very much out of date, you can upgrade to IE8, as IE9 is only available for Vista and above.
Please go here and the Microsoft site will detect the correct version for you.
Even if you don't use IE, it is best to update it.

There are probably some files in Avira's quarantine, so please right-click on the Avira system tray icon, then click on Start Avira > Administration > Quarantine. Select all the items in there and click on Delete selected object(s) from quarantine.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

#13
axeman61

    Member

  • Topic Starter
  • Member
  • 27 posts
It's been more than a day. I haven't had any problems. Thanks a lot for your help, Crowbar.

#14
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Excellent :thumbsup:

You are very welcome. :cool:

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





