Trojan.PornDialer Found [Solved]


  • This topic is locked

#1 creativesounds (New Member, 8 posts)

Hi everyone,

First of all, thanks to those that can help me out. Here is the situation:

Have been noticing some programs freezing on me over the past day (iTunes, Windows Media Player). Also have been experiencing really slow internet (though I think this is due to a faulty modem. Had it replaced today and the internet seems alright now). Decided to run a Malwarebytes full system scan and it found this: Trojan.PornDialer in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connect. MBAM successfully quarantined and deleted the file. Then I ran SUPERAntiSpyware and it just found a bunch of browser tracking cookies.

So my question is... am I all clear now?

Thanks for any help. OTL log follows:


OTL logfile created on: 30/06/2012 6:16:49 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\George\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.24 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 59.07% Memory free
6.68 Gb Paging File | 5.39 Gb Available in Paging File | 80.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 216.63 Gb Free Space | 46.51% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 121.23 Gb Free Space | 26.03% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 274.70 Gb Free Space | 29.49% Space Free | Partition Type: NTFS

Computer Name: GEORGEPC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/30 18:08:13 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\George\Downloads\OTL.exe
PRC - [2012/06/26 13:33:03 | 003,906,432 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/29 16:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 16:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/16 05:32:36 | 004,230,144 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011/09/08 18:08:40 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/03 00:08:50 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2010/10/08 13:51:46 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe
PRC - [2010/10/08 12:45:56 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe
PRC - [2010/10/07 14:04:44 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files\Avid\Mbox\AudioDevMon.exe
PRC - [2009/12/30 14:21:02 | 000,065,536 | ---- | M] (Lexar Media, Inc.) -- C:\Windows\System32\LxrSII1s.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/30 18:15:53 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/30 18:15:52 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/30 17:59:27 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/30 17:59:27 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:27 | 000,553,496 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 04:13:26 | 000,117,784 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/22 22:34:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/17 15:23:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/16 05:32:36 | 004,230,144 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011/09/08 18:08:40 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/03 00:08:50 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/03/02 23:30:44 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2010/10/08 13:51:46 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe -- (MboxMiniAudioDevMon)
SRV - [2010/10/08 12:45:56 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe -- (MboxProAudioDevMon)
SRV - [2010/10/07 14:04:44 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files\Avid\Mbox\AudioDevMon.exe -- (MboxAudioDevMon)
SRV - [2009/12/30 14:21:02 | 000,065,536 | ---- | M] (Lexar Media, Inc.) [Auto | Running] -- C:\Windows\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/30 18:15:22 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA13F019-242C-4D6A-9671-78B14CB6B03A}\MpKsl0f1da3ec.sys -- (MpKsl0f1da3ec)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/29 19:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/07 06:54:16 | 000,346,192 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gbxavs.sys -- (gbxavs)
DRV - [2011/07/07 06:54:16 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gbxusb.sys -- (gbxusb_svc)
DRV - [2011/07/07 06:54:16 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gbxusb.sys -- (gbxusb)
DRV - [2011/06/28 17:05:20 | 000,021,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2011/06/28 17:04:14 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2011/02/13 10:02:08 | 000,023,472 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgmbx2fu.sys -- (MBX2DFU)
DRV - [2011/02/13 10:02:06 | 000,131,120 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgmbx2.sys -- (DGUSBAP) Service for Digidesign Mbox2 (WDM)
DRV - [2009/12/30 11:36:56 | 000,063,448 | ---- | M] (Lexar Media, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2009/12/18 23:39:56 | 000,021,904 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2009/12/18 23:39:48 | 000,016,400 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2009/12/18 23:39:34 | 000,085,008 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/09/17 03:09:53 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF A1 6F F0 BD 36 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\George\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\George\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 15:23:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 21:32:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/20 19:56:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 15:23:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 21:32:59 | 000,000,000 | ---D | M]

[2012/03/17 13:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
[2012/05/02 22:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\r7u52m6h.default\extensions
[2012/04/09 15:19:47 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\r7u52m6h.default\extensions\[email protected]
[2012/03/17 13:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/17 15:23:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/06 21:12:07 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/13 01:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/06 21:12:07 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/06 21:12:07 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/06 21:12:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/06 21:12:07 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\George\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\George\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PACE Client Helper Plugin (Enabled) = C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\George\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{656AEBC2-F8B0-4295-9786-B6601538626B}: DhcpNameServer = 64.71.255.198
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\George\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\George\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 17:59:18 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/30 17:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/30 17:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/30 17:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/30 12:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2012/06/30 12:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/06/28 21:18:58 | 000,000,000 | ---D | C] -- C:\Users\George\Desktop\The Game
[2012/06/24 10:05:35 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Arturia
[2012/06/24 10:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
[2012/06/24 10:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Arturia
[2012/06/24 10:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Arturia
[2012/06/14 21:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/14 21:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/14 21:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/11 09:33:29 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Macromedia
[2012/06/10 23:02:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/10 23:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/06/10 22:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/08 16:04:13 | 000,000,000 | ---D | C] -- C:\Users\George\Desktop\thumbnails for gsd
[2012/06/06 18:44:58 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{0463E7C9-58C7-43C8-86E1-A223F8C4D904}
[2012/06/06 18:44:48 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{E5C32085-A3F9-4019-98BD-9BCE1A6B0D78}
[2012/06/05 18:56:15 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{2FB612B6-288B-4373-B175-1684F02BFD94}
[2012/06/05 18:56:04 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{24AD3E76-180D-4B6A-BFF9-DC07405D36CF}
[2012/06/04 22:28:18 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{282A6DC7-3D41-4600-AC30-F1302BE81A4C}
[2012/06/04 22:28:08 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{DA0E2649-2528-4ECC-919E-91C9C14DEF67}
[2012/06/04 22:27:55 | 000,000,000 | ---D | C] -- C:\Users\George\Tracing
[2012/06/04 22:25:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/06/04 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/04 22:20:37 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Windows Live
[2012/06/04 22:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/06/04 20:10:36 | 000,000,000 | ---D | C] -- C:\Users\George\Desktop\FROM FLASH DRIVE
[1 C:\Users\George\*.tmp files -> C:\Users\George\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/30 18:15:02 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 18:15:02 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 18:14:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 18:14:51 | 3484,028,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 17:59:14 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/30 17:52:09 | 000,054,838 | ---- | M] () -- C:\Users\George\Desktop\quarantine.jpg
[2012/06/30 17:50:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344648915-1114763742-1995564802-1000UA.job
[2012/06/30 17:33:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/30 16:50:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344648915-1114763742-1995564802-1000Core.job
[2012/06/30 14:13:22 | 000,039,424 | ---- | M] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/30 12:41:29 | 000,610,860 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/30 12:41:29 | 000,109,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/28 22:09:03 | 000,173,125 | ---- | M] () -- C:\Users\George\Desktop\eusmartphone2.jpg
[2012/06/28 22:06:04 | 000,149,540 | ---- | M] () -- C:\Users\George\Desktop\eusmartphone.jpg
[2012/06/24 21:42:25 | 000,009,008 | ---- | M] () -- C:\Users\George\Desktop\Eric Ward Links To Follow Up On.rtf
[2012/06/24 10:03:37 | 000,001,054 | ---- | M] () -- C:\Users\George\Desktop\minimoog V Original.lnk
[2012/06/22 22:46:12 | 001,138,100 | ---- | M] () -- C:\Users\George\Desktop\AudioEquipment.pdf
[2012/06/18 20:48:18 | 000,010,426 | ---- | M] () -- C:\Users\George\Desktop\style.css
[2012/06/17 18:11:47 | 000,000,340 | ---- | M] () -- C:\Users\George\AppData\Roaming\ftpfile.dat
[2012/06/14 21:28:51 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/13 18:48:51 | 000,264,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/12 19:01:50 | 000,002,047 | ---- | M] () -- C:\Users\George\Desktop\Google Chrome.lnk
[2012/06/12 19:01:50 | 000,002,009 | ---- | M] () -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/08 21:56:47 | 000,010,426 | ---- | M] () -- C:\Users\George\Desktop\index-style.css
[2012/06/02 17:42:17 | 002,254,241 | ---- | M] () -- C:\Users\George\Desktop\PSA700CUGad-EN.pdf
[1 C:\Users\George\*.tmp files -> C:\Users\George\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/30 17:59:14 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/30 17:52:09 | 000,054,838 | ---- | C] () -- C:\Users\George\Desktop\quarantine.jpg
[2012/06/30 12:39:35 | 000,001,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/06/28 22:09:02 | 000,173,125 | ---- | C] () -- C:\Users\George\Desktop\eusmartphone2.jpg
[2012/06/28 22:06:02 | 000,149,540 | ---- | C] () -- C:\Users\George\Desktop\eusmartphone.jpg
[2012/06/24 22:29:15 | 000,009,008 | ---- | C] () -- C:\Users\George\Desktop\Eric Ward Links To Follow Up On.rtf
[2012/06/24 10:03:37 | 000,001,054 | ---- | C] () -- C:\Users\George\Desktop\minimoog V Original.lnk
[2012/06/22 22:46:14 | 001,138,100 | ---- | C] () -- C:\Users\George\Desktop\AudioEquipment.pdf
[2012/06/18 20:48:17 | 000,010,426 | ---- | C] () -- C:\Users\George\Desktop\style.css
[2012/06/14 21:28:51 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/08 21:56:47 | 000,010,426 | ---- | C] () -- C:\Users\George\Desktop\index-style.css
[2012/06/04 22:25:16 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/06/02 17:42:21 | 002,254,241 | ---- | C] () -- C:\Users\George\Desktop\PSA700CUGad-EN.pdf
[2012/05/25 22:43:22 | 000,088,656 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/04/22 16:12:22 | 004,424,704 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012/04/08 19:40:36 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/04/08 19:39:46 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012/04/08 19:39:32 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012/04/08 19:39:32 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012/04/08 19:39:30 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012/04/08 19:39:30 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012/04/08 19:39:28 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012/04/08 19:39:28 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012/04/08 19:39:26 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012/03/30 21:27:35 | 000,000,340 | ---- | C] () -- C:\Users\George\AppData\Roaming\ftpfile.dat
[2012/03/30 20:26:39 | 000,000,108 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/03/29 10:21:26 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012/03/29 10:21:18 | 006,582,226 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012/03/29 10:21:18 | 001,152,365 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012/03/29 10:21:18 | 000,374,152 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012/03/29 10:21:18 | 000,207,872 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012/03/29 10:21:18 | 000,144,523 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2012/03/26 11:38:04 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/26 11:24:07 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2012/03/26 11:24:07 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/03/18 19:56:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2012/03/18 17:48:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/18 17:31:34 | 000,000,112 | ---- | C] () -- C:\Users\George\AppData\Roaming\msregsvv.dll
[2012/03/18 17:31:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\autobk.inc
[2012/03/18 13:04:22 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2012/03/17 16:55:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/17 16:42:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/17 16:42:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/17 16:39:06 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/03/17 12:55:22 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2012/03/16 20:59:41 | 000,039,424 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/16 20:20:22 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/06/28 17:05:20 | 000,021,112 | ---- | C] () -- C:\Windows\System32\iLokDrvr.sys
[2011/06/28 17:05:20 | 000,021,112 | ---- | C] () -- C:\Windows\System32\drivers\iLokDrvr.sys
[2011/05/30 09:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/23 03:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/03 07:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 07:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 07:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010/08/18 15:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini

========== LOP Check ==========

[2012/06/28 20:50:46 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Applian FLV and Media Player
[2012/06/24 10:05:35 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Arturia
[2012/06/24 15:28:22 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Digidesign
[2012/06/27 22:15:05 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\FileZilla
[2012/03/18 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\IK Multimedia
[2012/03/26 11:05:20 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Leadertech
[2012/03/18 11:32:06 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Notepad++
[2012/03/20 20:36:47 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Opera
[2012/03/25 18:39:48 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\PACE Anti-Piracy
[2012/05/03 21:14:58 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Philipp Winterberg
[2012/03/17 14:06:39 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Thunderbird
[2012/03/18 13:45:53 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Trillium Lane
[2012/03/26 11:22:52 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Waves Audio
[2012/06/30 18:13:32 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1349 bytes -> C:\ProgramData\Microsoft:L2irf0cuSIsr0ofsbtFXNfVw
@Alternate Data Stream - 1268 bytes -> C:\Users\George\AppData\Local\XKfiXG1a:dvSsRwE0PLas0hP6v8sSZybp9
@Alternate Data Stream - 1261 bytes -> C:\Users\George\AppData\Local\F4dQf0CA:ZA65Ne8pxTt8Z3ll2zEt
@Alternate Data Stream - 1245 bytes -> C:\ProgramData\Microsoft:vmOFB5jrkuXoJXTaHZsdOp5j
@Alternate Data Stream - 1236 bytes -> C:\ProgramData\Microsoft:mqLHk6cSwcB8AEcEc1XBft
@Alternate Data Stream - 1218 bytes -> C:\ProgramData\Microsoft:FMFKFkPTOA6OE45s8xGokhlRB
@Alternate Data Stream - 1184 bytes -> C:\Users\George\AppData\Local\AdiocOViqaM8:SZyrdXtfh3ZL7AeZRprdLB1Fd9w
@Alternate Data Stream - 1175 bytes -> C:\ProgramData\Microsoft:JCoBwIbiTXenBP4YGr36WBSx
@Alternate Data Stream - 1159 bytes -> C:\ProgramData\Microsoft:qWCyDhDslTgytA4cngmNH81
@Alternate Data Stream - 1068 bytes -> C:\ProgramData\Microsoft:KH5ff28HaT7RVrqk

< End of report >
  • 0

#2
jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi and welcome! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands.

----------

Please download aswMBR to your desktop.

  • Right-click the aswMBR icon and choose Run as Administrator.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------
  • 0

#3
creativesounds

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Jeff!

Thanks for the help. Here is the aswMBR scan results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 12:58:33
-----------------------------
12:58:33.700 OS Version: Windows 6.0.6002 Service Pack 2
12:58:33.700 Number of processors: 4 586 0xF0B
12:58:33.702 ComputerName: GEORGEPC UserName: George
12:59:01.194 Initialize success
13:00:07.418 AVAST engine defs: 12070201
13:00:30.983 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:00:30.985 Disk 0 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
13:00:30.987 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
13:00:30.989 Disk 1 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
13:00:30.998 Disk 1 MBR read successfully
13:00:31.001 Disk 1 MBR scan
13:00:31.018 Disk 1 Windows VISTA default MBR code
13:00:31.046 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
13:00:31.060 Disk 1 scanning sectors +976771072
13:00:31.173 Disk 1 scanning C:\Windows\system32\drivers
13:00:55.326 Service scanning
13:01:08.575 Service MpKsl040d7a30 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C68C949-940B-41E2-A5E6-15F504EC80E5}\MpKsl040d7a30.sys **LOCKED** 32
13:01:29.914 Modules scanning
13:01:41.478 Disk 1 trace - called modules:
13:01:41.507 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:01:41.510 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8621eac8]
13:01:41.514 3 CLASSPNP.SYS[8b3c68b3] -> nt!IofCallDriver -> [0x85755bc0]
13:01:41.519 5 acpi.sys[8ac8e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x85775390]
13:01:42.827 AVAST engine scan C:\Windows
13:01:49.348 AVAST engine scan C:\Windows\system32
13:07:54.517 AVAST engine scan C:\Windows\system32\drivers
13:08:26.249 AVAST engine scan C:\Users\George
14:15:21.842 AVAST engine scan C:\ProgramData
14:18:07.082 Disk 1 MBR has been saved successfully to "C:\Users\George\Desktop\MBR.dat"
14:18:07.166 The log file has been saved successfully to "C:\Users\George\Desktop\aswMBR.txt"
  • 0
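The aswMBR log above reads the first sector of Disk 1, checks that it carries Vista's default bootstrap code, lists the single active NTFS partition at offset 2048, and saves a copy to MBR.dat. The block below is an added example written for this thread, not aswMBR's code: it parses the same 512-byte structure (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature), hashes the bootstrap area on its own so a partition-table edit cannot hide a code change, and diffs a fresh read against a saved copy. Assumptions: MBR.dat is taken to be the raw sector (verify before relying on it), `\\.\PhysicalDrive1` is the Windows raw-device path for Disk 1 and needs an elevated prompt, and the sample sector is constructed here with the offset and size figures from the log rather than read from the poster's machine.

```python
"""Parse and sanity-check a 512-byte MBR sector, the structure aswMBR reads from Disk 1.

Added example for this thread, not aswMBR's own code. Assumed: MBR.dat written by aswMBR is the
raw 512-byte sector (treated here as a baseline to diff against a fresh read).
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
BOOTCODE_LEN = 446          # bytes 0..445: bootstrap code (what a bootkit overwrites)
PART_TABLE_OFF = 446        # bytes 446..509: four 16-byte partition entries
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xAA"     # bytes 510..511

# Partition type IDs worth recognising during triage; 0x07 is what the log reports.
PART_TYPES = {
    0x05: "extended", 0x07: "HPFS/NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "extended LBA", 0x27: "hidden NTFS (Windows RE)", 0x83: "Linux", 0xEE: "GPT protective",
}


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors // 2048          # 2048 sectors of 512 bytes per MiB

    @property
    def type_name(self) -> str:
        return PART_TYPES.get(self.type_id, f"unknown (0x{self.type_id:02X})")


def parse_mbr(sector: bytes) -> List[Partition]:
    """Return the non-empty partition entries; raise on a structurally invalid MBR."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(sector)}")
    if sector[510:512] != SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    parts: List[Partition] = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, LBA start, sector count
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte 0x{status:02X}")
        if type_id == 0x00:
            continue                         # unused slot
        parts.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    return parts


def bootcode_sha256(sector: bytes) -> str:
    """Hash of the bootstrap area only, so partition-table edits do not mask a code change."""
    return hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()


def first_bootcode_diff(current: bytes, baseline: bytes) -> Optional[int]:
    """Offset of the first differing bootstrap byte between two sectors, or None if identical."""
    for off, (a, b) in enumerate(zip(current[:BOOTCODE_LEN], baseline[:BOOTCODE_LEN])):
        if a != b:
            return off
    return None


# Constructed sample bootstrap: the conventional x86 MBR prologue (xor ax,ax / mov ss,ax / mov sp,7C00h)
# padded with zeros. Not the bytes from the machine in this thread.
SAMPLE_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"


def build_sample_mbr(bootcode: bytes = SAMPLE_BOOTCODE) -> bytes:
    """Constructed sector with one active NTFS partition using the offset/size aswMBR logged."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")
    # status 0x80 (bootable), CHS fields irrelevant for LBA parsing, type 0x07,
    # LBA start 2048, 976,769,024 sectors (= 476,938 MB, matching "offset 2048" in the log).
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 976_769_024)
    return code + entry + b"\x00" * PART_ENTRY_LEN * 3 + SIGNATURE


if __name__ == "__main__":
    # On the live box (Windows, elevated prompt) replace the sample with a real read, e.g.:
    #   with open(r"\\.\PhysicalDrive1", "rb") as disk: current = disk.read(SECTOR)
    current = build_sample_mbr()
    baseline = current  # on the real box: open(r"C:\Users\George\Desktop\MBR.dat", "rb").read(SECTOR)
    for p in parse_mbr(current):
        print(f"partition {p.index}: {'active' if p.active else 'inactive'} {p.type_name} "
              f"offset {p.lba_start} size {p.size_mb} MB")
    print("bootcode sha256:", bootcode_sha256(current))
    print("bootcode differs from baseline at:", first_bootcode_diff(current, baseline))
```

Hashing only the first 446 bytes matters: a bootkit leaves the partition table intact so the disk still boots, so a whole-sector hash and a partition-table listing can both look normal while the code that runs before Windows has been replaced. Keep the saved MBR.dat off the machine if you want it to stay a trustworthy baseline.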

#4
jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

If you are running Malwarebytes 1.6 or better, please disable it for the duration of this run.

To disable Malwarebytes
  • Open the scanner and select the Protection tab
  • Remove the tick from "Start Protection Module with Windows"

Once complete continue with the instructions...
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF A1 6F F0 BD 36 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    [2012/03/13 01:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/06 18:44:58 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{0463E7C9-58C7-43C8-86E1-A223F8C4D904}
    [2012/06/06 18:44:48 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{E5C32085-A3F9-4019-98BD-9BCE1A6B0D78}
    [2012/06/05 18:56:15 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{2FB612B6-288B-4373-B175-1684F02BFD94}
    [2012/06/05 18:56:04 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{24AD3E76-180D-4B6A-BFF9-DC07405D36CF}
    [2012/06/04 22:28:18 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{282A6DC7-3D41-4600-AC30-F1302BE81A4C}
    [2012/06/04 22:28:08 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\{DA0E2649-2528-4ECC-919E-91C9C14DEF67}
    [1 C:\Users\George\*.tmp files -> C:\Users\George\*.tmp -> ]
    [2012/06/30 14:13:22 | 000,039,424 | ---- | M] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    @Alternate Data Stream - 1349 bytes -> C:\ProgramData\Microsoft:L2irf0cuSIsr0ofsbtFXNfVw
    @Alternate Data Stream - 1268 bytes -> C:\Users\George\AppData\Local\XKfiXG1a:dvSsRwE0PLas0hP6v8sSZybp9
    @Alternate Data Stream - 1261 bytes -> C:\Users\George\AppData\Local\F4dQf0CA:ZA65Ne8pxTt8Z3ll2zEt
    @Alternate Data Stream - 1245 bytes -> C:\ProgramData\Microsoft:vmOFB5jrkuXoJXTaHZsdOp5j
    @Alternate Data Stream - 1236 bytes -> C:\ProgramData\Microsoft:mqLHk6cSwcB8AEcEc1XBft
    @Alternate Data Stream - 1218 bytes -> C:\ProgramData\Microsoft:FMFKFkPTOA6OE45s8xGokhlRB
    @Alternate Data Stream - 1184 bytes -> C:\Users\George\AppData\Local\AdiocOViqaM8:SZyrdXtfh3ZL7AeZRprdLB1Fd9w
    @Alternate Data Stream - 1175 bytes -> C:\ProgramData\Microsoft:JCoBwIbiTXenBP4YGr36WBSx
    @Alternate Data Stream - 1159 bytes -> C:\ProgramData\Microsoft:qWCyDhDslTgytA4cngmNH81
    @Alternate Data Stream - 1068 bytes -> C:\ProgramData\Microsoft:KH5ff28HaT7RVrqk
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
----------
  • 0
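The fix above ends with `[resethosts]`, which has OTL replace the hosts file with a stock one, and `ipconfig /flushdns`, which drops cached resolutions. The block below is an added example written for this thread, not OTL's code: it audits a hosts file and reports the entry types a cleanup should care about, which is what a reset silently discards, so running it first tells you whether anything was actually wrong. It flags a vendor or update domain that is overridden at all (even to loopback, since that blocks updates and cleanup tools), an ordinary name pinned to a routable address, and a malformed line, while accepting the ad-block pattern of sinkholing names to 127.0.0.1 or 0.0.0.0. The vendor-domain list and the sample hosts content are constructed for the demonstration and are not taken from the poster's machine.

```python
"""Audit a Windows hosts file for the kind of redirects OTL's [resethosts] erases.

Added example for this thread, not OTL's code. The vendor/update domain list and the sample
hosts content are constructed for the demonstration.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List

# Sinkhole targets: mapping an ad/tracker name to these is the normal ad-block use of the file.
SINKHOLES = {"127.0.0.1", "::1", "0.0.0.0"}

# Domains malware commonly overrides to block updates and cleanup tools (constructed, not exhaustive).
PROTECTED_DOMAINS = (
    "microsoft.com", "windowsupdate.com",
    "malwarebytes.org", "superantispyware.com", "avast.com",
)


def _is_protected(host: str) -> bool:
    host = host.lower().rstrip(".")
    # Exact or subdomain match only; "evilmicrosoft.com" must not match.
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)


@dataclass
class Finding:
    line_no: int
    host: str
    address: str
    reason: str


@dataclass
class HostsReport:
    entries: int = 0                      # well-formed host -> address mappings seen
    findings: List[Finding] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        return not self.findings

    def reasons(self) -> List[str]:
        return [f.reason for f in self.findings]


def audit_hosts(text: str) -> HostsReport:
    """Walk the file line by line; a stock Windows hosts file yields an empty findings list."""
    report = HostsReport()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # strip trailing comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ipaddress.ip_address(address)
        except ValueError:
            report.findings.append(Finding(n, " ".join(names) or "?", address, "malformed address"))
            continue
        for host in names:
            report.entries += 1
            if host.lower().rstrip(".") == "localhost":
                if address not in SINKHOLES:
                    report.findings.append(Finding(n, host, address, "localhost moved off loopback"))
            elif _is_protected(host):
                # Even a loopback mapping here is hostile: it blocks updates or a vendor's site.
                report.findings.append(Finding(n, host, address, "vendor/update domain overridden"))
            elif address not in SINKHOLES:
                report.findings.append(Finding(n, host, address, "name pinned to a non-loopback address"))
    return report


SAMPLE_HOSTS = """\
# Constructed sample; not the hosts file from the machine in this thread.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net            # ad-block style sinkhole: fine
203.0.113.10    www.malwarebytes.org       # vendor site redirected to an attacker-controlled IP
203.0.113.10    download.microsoft.com
127.0.0.1       superantispyware.com       # loopback on a vendor domain still blocks cleanup
192.0.2.44      www.example-bank.test      # pharming-style redirect of an ordinary site
not-an-ip       www.example.com
"""

if __name__ == "__main__":
    # On the live box: text = open(r"C:\Windows\System32\drivers\etc\hosts", errors="replace").read()
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report.entries} mappings, {len(report.findings)} findings")
    for f in report.findings:
        print(f"line {f.line_no}: {f.address} {f.host} -> {f.reason}")
```

Run it before the fix to record what was there, and again after the reboot: the reset should leave only the localhost lines, and because the fix also flushes the resolver cache, a name that still lands on the wrong address afterwards points at something other than the hosts file (a proxy setting, the router's DNS, or an unremoved component).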

#5
creativesounds

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi again Jeff. Thanks again for the help.

I have followed all your above instructions. Here is the OTL log as you requested:

OTL logfile created on: 02/07/2012 8:54:34 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\George\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.24 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 55.75% Memory free
6.68 Gb Paging File | 5.28 Gb Available in Paging File | 79.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 217.75 Gb Free Space | 46.75% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 121.23 Gb Free Space | 26.03% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 272.39 Gb Free Space | 29.24% Space Free | Partition Type: NTFS

Computer Name: GEORGEPC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/02 15:22:34 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\George\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2012/06/30 18:08:13 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\George\Downloads\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 16:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 16:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/16 05:32:36 | 004,230,144 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011/09/08 18:08:40 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/03 00:08:50 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2010/10/08 13:51:46 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe
PRC - [2010/10/08 12:45:56 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe
PRC - [2010/10/07 14:04:44 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files\Avid\Mbox\AudioDevMon.exe
PRC - [2009/12/30 14:21:02 | 000,065,536 | ---- | M] (Lexar Media, Inc.) -- C:\Windows\System32\LxrSII1s.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 06:28:56 | 000,438,296 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 06:28:54 | 003,972,120 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012/06/28 06:27:40 | 000,554,520 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 06:27:38 | 000,117,784 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
MOD - [2012/06/28 06:27:29 | 000,140,328 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 06:27:28 | 000,262,184 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 06:27:26 | 002,386,984 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/28 04:27:26 | 009,252,040 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/14 19:37:52 | 011,796,096 | ---- | M] () -- C:\Users\George\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
MOD - [2011/07/18 17:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/22 22:34:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/17 15:23:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/16 05:32:36 | 004,230,144 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011/09/08 18:08:40 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/03 00:08:50 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/03/02 23:30:44 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2010/10/08 13:51:46 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe -- (MboxMiniAudioDevMon)
SRV - [2010/10/08 12:45:56 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe -- (MboxProAudioDevMon)
SRV - [2010/10/07 14:04:44 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files\Avid\Mbox\AudioDevMon.exe -- (MboxAudioDevMon)
SRV - [2009/12/30 14:21:02 | 000,065,536 | ---- | M] (Lexar Media, Inc.) [Auto | Running] -- C:\Windows\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/02 20:49:51 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6CA0E0D-D126-4146-ACC2-96D58EC78565}\MpKslacff2354.sys -- (MpKslacff2354)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/29 19:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/07 06:54:16 | 000,346,192 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gbxavs.sys -- (gbxavs)
DRV - [2011/07/07 06:54:16 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gbxusb.sys -- (gbxusb_svc)
DRV - [2011/07/07 06:54:16 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gbxusb.sys -- (gbxusb)
DRV - [2011/06/28 17:05:20 | 000,021,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2011/06/28 17:04:14 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2011/02/13 10:02:08 | 000,023,472 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgmbx2fu.sys -- (MBX2DFU)
DRV - [2011/02/13 10:02:06 | 000,131,120 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgmbx2.sys -- (DGUSBAP) Service for Digidesign Mbox2 (WDM)
DRV - [2009/12/30 11:36:56 | 000,063,448 | ---- | M] (Lexar Media, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2009/12/18 23:39:56 | 000,021,904 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2009/12/18 23:39:48 | 000,016,400 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2009/12/18 23:39:34 | 000,085,008 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/09/17 03:09:53 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\George\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\George\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 15:23:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 21:32:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/20 19:56:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 15:23:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 21:32:59 | 000,000,000 | ---D | M]

[2012/03/17 13:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
[2012/05/02 22:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\r7u52m6h.default\extensions
[2012/04/09 15:19:47 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\r7u52m6h.default\extensions\[email protected]
[2012/03/17 13:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/17 15:23:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/06 21:12:07 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/05/06 21:12:07 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/06 21:12:07 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/06 21:12:10 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/06 21:12:07 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\George\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\George\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: PACE Client Helper Plugin (Enabled) = C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\George\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/02 20:47:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\George\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{656AEBC2-F8B0-4295-9786-B6601538626B}: DhcpNameServer = 64.71.255.198
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\George\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\George\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 20:23:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/02 20:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/02 20:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/07/02 15:26:05 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
[2012/07/02 15:26:05 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\SanDisk
[2012/07/02 15:25:27 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Proxure
[2012/07/02 15:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012/07/02 15:22:45 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\SanDisk SecureAccess
[2012/07/02 12:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/02 12:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/02 12:55:17 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/02 12:55:17 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/02 12:55:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/02 12:55:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/30 17:59:18 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/30 17:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/30 17:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/30 17:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/30 12:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2012/06/30 12:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/06/24 10:05:35 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\Arturia
[2012/06/24 10:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
[2012/06/24 10:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Arturia
[2012/06/24 10:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Arturia
[2012/06/18 18:05:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/18 18:05:42 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/18 18:05:27 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/18 18:05:27 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/18 18:05:27 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/18 18:05:19 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/18 18:05:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/14 21:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/14 21:28:49 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/06/14 21:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/14 21:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/12 23:12:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/12 23:12:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/12 23:12:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/12 23:11:59 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/12 23:11:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/12 23:11:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/12 23:11:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/12 18:58:26 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/11 09:33:29 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Macromedia
[2012/06/10 23:02:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/10 23:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/06/10 22:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/08 16:04:13 | 000,000,000 | ---D | C] -- C:\Users\George\Desktop\thumbnails for gsd
[2012/06/04 22:27:55 | 000,000,000 | ---D | C] -- C:\Users\George\Tracing
[2012/06/04 22:25:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/06/04 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/04 22:20:37 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Windows Live
[2012/06/04 22:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/06/04 20:10:36 | 000,000,000 | ---D | C] -- C:\Users\George\Desktop\FROM FLASH DRIVE

========== Files - Modified Within 30 Days ==========

[2012/07/02 20:50:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344648915-1114763742-1995564802-1000UA.job
[2012/07/02 20:49:33 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 20:49:33 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 20:49:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/02 20:48:54 | 3484,028,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/02 20:47:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/07/02 20:34:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/02 20:17:35 | 000,000,733 | ---- | M] () -- C:\Users\George\Desktop\NTREGOPT.lnk
[2012/07/02 20:17:35 | 000,000,714 | ---- | M] () -- C:\Users\George\Desktop\ERUNT.lnk
[2012/07/02 16:50:21 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344648915-1114763742-1995564802-1000Core.job
[2012/07/02 15:41:07 | 000,610,860 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/02 15:41:07 | 000,109,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/02 15:21:23 | 000,000,272 | ---- | M] () -- C:\Users\George\AppData\Roaming\.backup.dm
[2012/07/02 14:18:07 | 000,000,512 | ---- | M] () -- C:\Users\George\Desktop\MBR.dat
[2012/07/02 12:55:04 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/02 12:55:04 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/01 23:00:11 | 000,002,047 | ---- | M] () -- C:\Users\George\Desktop\Google Chrome.lnk
[2012/07/01 23:00:11 | 000,002,009 | ---- | M] () -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/30 17:59:14 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/30 17:52:09 | 000,054,838 | ---- | M] () -- C:\Users\George\Desktop\quarantine.jpg
[2012/06/24 21:42:25 | 000,009,008 | ---- | M] () -- C:\Users\George\Desktop\Eric Ward Links To Follow Up On.rtf
[2012/06/24 10:03:37 | 000,001,054 | ---- | M] () -- C:\Users\George\Desktop\minimoog V Original.lnk
[2012/06/22 22:34:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/22 22:34:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/17 18:11:47 | 000,000,340 | ---- | M] () -- C:\Users\George\AppData\Roaming\ftpfile.dat
[2012/06/14 21:28:51 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/13 18:48:51 | 000,264,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/08 21:56:47 | 000,010,426 | ---- | M] () -- C:\Users\George\Desktop\index-style.css

========== Files Created - No Company Name ==========

[2012/07/02 20:17:35 | 000,000,733 | ---- | C] () -- C:\Users\George\Desktop\NTREGOPT.lnk
[2012/07/02 20:17:35 | 000,000,714 | ---- | C] () -- C:\Users\George\Desktop\ERUNT.lnk
[2012/07/02 15:21:23 | 000,000,272 | ---- | C] () -- C:\Users\George\AppData\Roaming\.backup.dm
[2012/07/02 14:18:07 | 000,000,512 | ---- | C] () -- C:\Users\George\Desktop\MBR.dat
[2012/06/30 17:59:14 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/30 17:52:09 | 000,054,838 | ---- | C] () -- C:\Users\George\Desktop\quarantine.jpg
[2012/06/30 12:39:35 | 000,001,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/06/24 22:29:15 | 000,009,008 | ---- | C] () -- C:\Users\George\Desktop\Eric Ward Links To Follow Up On.rtf
[2012/06/24 10:03:37 | 000,001,054 | ---- | C] () -- C:\Users\George\Desktop\minimoog V Original.lnk
[2012/06/14 21:28:51 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/08 21:56:47 | 000,010,426 | ---- | C] () -- C:\Users\George\Desktop\index-style.css
[2012/06/04 22:25:16 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/05/25 22:43:22 | 000,088,656 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/04/22 16:12:22 | 004,424,704 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012/04/08 19:40:36 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/04/08 19:39:46 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012/04/08 19:39:32 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012/04/08 19:39:32 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012/04/08 19:39:30 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012/04/08 19:39:30 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012/04/08 19:39:28 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012/04/08 19:39:28 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012/04/08 19:39:26 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012/03/30 21:27:35 | 000,000,340 | ---- | C] () -- C:\Users\George\AppData\Roaming\ftpfile.dat
[2012/03/30 20:26:39 | 000,000,108 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/03/29 10:21:26 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012/03/29 10:21:18 | 006,582,226 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012/03/29 10:21:18 | 001,152,365 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012/03/29 10:21:18 | 000,374,152 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012/03/29 10:21:18 | 000,207,872 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012/03/29 10:21:18 | 000,144,523 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2012/03/26 11:38:04 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/26 11:24:07 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2012/03/26 11:24:07 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/03/18 19:56:34 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2012/03/18 17:48:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/18 17:31:34 | 000,000,112 | ---- | C] () -- C:\Users\George\AppData\Roaming\msregsvv.dll
[2012/03/18 17:31:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\autobk.inc
[2012/03/18 13:04:22 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2012/03/17 16:55:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/17 16:42:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/17 16:42:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/17 16:39:06 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/03/17 12:55:22 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2012/03/16 20:20:22 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/06/28 17:05:20 | 000,021,112 | ---- | C] () -- C:\Windows\System32\iLokDrvr.sys
[2011/06/28 17:05:20 | 000,021,112 | ---- | C] () -- C:\Windows\System32\drivers\iLokDrvr.sys
[2011/05/30 09:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/23 03:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/03 07:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 07:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 07:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010/08/18 15:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini

< End of report >
#6
jeffce
    Trusted Helper
  • Malware Removal
  • 216 posts
  • MVP
Hi,

When you ran OTL the first time was there a log created named Extras.txt? If so please post that.

If not, do the following...

Please open OTL.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button near the top (it may look greyed out)
  • In the Extra Registry section change it to All
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open 2 notepad windows, OTL.Txt and Extra.txt. Please post the Extra.txt.
----------
#7
creativesounds
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Jeff,

Sorry, didn't know you wanted that posted. Here you go :)


OTL Extras logfile created on: 02/07/2012 9:50:15 PM - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\George\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.24 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 58.90% Memory free
6.71 Gb Paging File | 5.55 Gb Available in Paging File | 82.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 217.73 Gb Free Space | 46.75% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 121.23 Gb Free Space | 26.03% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 272.31 Gb Free Space | 29.23% Space Free | Partition Type: NTFS

Computer Name: GEORGEPC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\George\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0462AAA0-8FDF-466C-81A2-16C5562C82AA}" = lport=137 | protocol=17 | dir=in | app=system |
"{075D734C-4900-451F-AA2C-4542515A5775}" = rport=445 | protocol=6 | dir=out | app=system |
"{243CE269-D236-435F-AC89-CA23B4295E48}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43CDA534-0359-4C55-8C99-592BA2FED7C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B4B5C51-A9CC-4E71-BADC-2AF986916D8B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4E36EC51-37AD-4653-A1DE-532743514225}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76BE5B98-6290-4BFC-9E4D-36D8C591193C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{794178EB-B984-407B-AB4E-2D6A51354B55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E67C7B6-C08A-4860-A87C-9BEC17CED91D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{885DDD53-B7B8-4D8E-B8F4-C1BB83BEA482}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8B1ED713-7CF4-475B-9EED-3C72EEC79844}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D9D0697-902F-41DA-8977-A46F6B161A86}" = lport=138 | protocol=17 | dir=in | app=system |
"{9246D6D3-788B-41A8-8B58-E86A53953622}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A89CA305-9BA9-4F1E-B6F0-348C49DB90A9}" = rport=137 | protocol=17 | dir=out | app=system |
"{AF202A47-D646-47E7-9FBE-A77D77E18969}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B1CD4B20-AA02-4F11-8E53-3710C829960A}" = lport=445 | protocol=6 | dir=in | app=system |
"{C7D5A13D-F208-4F25-9780-4F5200332BA1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDD01BFE-3415-4D57-AAD9-AFE81FEBEBF6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EEF5FF16-9BB0-45F9-BD7B-6B4A9919AAB8}" = rport=139 | protocol=6 | dir=out | app=system |
"{F39CD09F-12EB-42A0-8A90-A521174D36BC}" = lport=139 | protocol=6 | dir=in | app=system |
"{FE94D053-E746-449E-ACBB-DCF068FBAA89}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014594AE-06A8-407D-83E6-EB9567E3F4F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F10E7CD-6A07-40BB-86A7-8C5F0C9AE41A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{278DF75E-42C5-4FA5-A051-62DF96351FF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FBE26BE-7AE5-45B8-BDE2-AC5D0BEF57D0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{491741A8-DFE5-483F-9D3E-AB6FAB8E5FD1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4C613766-54F1-4F0C-B2E9-2BAFE1C911EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C9D273E-2319-484E-A36E-24312A8F0C75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51A01073-2508-4E1C-BF3B-91466641A759}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6726F1E5-4724-4D00-B42D-8CAA2D3101BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68714539-D9C4-47D4-AEE5-42F63052BBBD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6E6C4997-50E5-4FF6-9AE5-38BED312F872}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{73287098-475A-4F90-AFDE-F4901539A4B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{756932FB-6DA3-4C85-90DC-36FD7EBDF0E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E425887-9008-46CC-AF04-BBBF2FBC577C}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{95B8A68C-017F-427E-AE56-A2E1EA03E8BA}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{B4444CA2-70D6-4E9C-A6E2-8CA1ECD66CF3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B45B01BC-DAD8-48E7-BF6E-1FDFA282B65B}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{C2EEBDFE-A517-4B23-B849-5F46B884E283}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{C9CA8340-4B0A-4016-96AD-1DF9653A36AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC518589-D29C-410C-B2B8-FF213883CC68}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D7577D7C-246E-42C9-B461-E5217C7A33BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ED6E95B2-FC73-44E5-8D81-42706A9A3FFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF8900AF-B173-4DE5-8C21-C9EF0E57B825}" = protocol=6 | dir=out | app=system |
"{F456CB6C-51C4-42C7-A90B-8232908E0AA5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{FD21FE0B-2979-4D17-A803-D7F248F9F72A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FFA9A9BA-2EA0-48F9-8FDA-619B4EDD2B15}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05565E8C-3AB5-49F4-A21F-27F9E38F65A0}" = Native Instruments Reaktor 5 Factory Content
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0AD07A71-772D-4C07-9D22-45AD74771C22}" = Digidesign 7.x Factory Update Patch 8.0.1
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F52F370-B2ED-43E4-8545-F7810D349390}" = T-RackS 3 Brickwall Limiter
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C9EDE0-8009-434b-9A52-12337A8C9625}" = Native Instruments Maschine Mikro
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F227ACA-204C-4529-BA33-D095C42C72DB}" = Avid Audio Drivers (x86)
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{3380981A-874C-49D5-BAAC-CBB2E036763B}" = EWQL Orchestra Instrument Update 1.0.2
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}" = Avid Pro Tools Creative Collection 8.0.5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FFBBFC4-FC05-4F2E-8BB5-F0ABBA0E6487}" = Digidesign ElevenRack Driver 1.0.8 (x86)
"{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}" = Avid Pro Tools LE 8.0.5
"{40AFBF62-AB70-49F5-B0FF-D92EA8BD4833}" = Authorization Wizard Update 2.1
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{486F31E5-2C8C-45AC-8580-1E77064205DB}_is1" = T-RackS 3 Brickwall Limiter version 3.5.1
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EBE7270-A95A-4A03-82C0-41A6F38A4DB2}" = Native Instruments Maschine Factory Content 1.5
"{4F9320C8-BC03-42C3-81BE-CDD79C42BDD5}_is1" = T-RackS 3 Vintage Compressor 670 version 3.5.1
"{506A08D9-6AE4-4D02-9535-A6D4839F849A}" = T-RackS 3 Classic Clipper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5201A854-5EC2-4B23-BB01-941ADDCF1DDE}" = CSR Hall
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FA08EAD-6532-4609-9E78-DBBEBE9AE6D2}" = Visual Site Designer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{692D378E-7C7D-406E-8004-4D2A8154826E}_is1" = T-RackS 3 Classic Compressor version 3.5.1
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{71000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V7r16
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78FA75CE-B279-4419-8695-595F4611F79F}" = Monster MIDI Package
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V8r13
"{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic
"{835DBAC6-C2FC-42E7-9853-8AD1201041A1}" = Avid Mbox Pro Driver 1.0.11 (x86)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.0.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94BD5EE2-317F-48D3-BC04-8ED90BF56108}" = T-RackS 3 Classic Compressor
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F40ED6-C2F9-422F-BFDC-BDABAD01675A}" = T-RackS 3 Vintage Compressor 670
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Free DigiRack Plug-Ins 8.0.5
"{A3029F78-93CA-4B84-94B5-34B6F35AA7D9}" = Avid Mbox Mini Driver 1.0.6 (x86)
"{A3AC50F5-8209-43F1-84B7-5CF732A51862}" = T-RackS 3 Program EQ 1A
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA9F152A-673D-48F0-884C-CFEBBD42C995}" = EWQL Orchestra
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABA9D41C-9682-443D-9811-55B1726130E3}" = AmpliTube 2 DUO
"{ABBE7356-3B98-4551-AB6D-A86CBA0F6432}_is1" = T-RackS 3 Vintage Program EQ 1A version 3.5.1
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD742173-309A-4BD8-9E9A-6A41D2E2E67D}" = Ampeg SVX UNO
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9101E19-411F-480A-9297-8CC008DB28B2}" = Play Update 3.0.32
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D28571EC-82E4-414D-B09D-BBA1B5B3FE55}" = Native Instruments Maschine Factory Content
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.7.1
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DD6D8C5C-468B-4E96-AB22-5B375132D16F}" = Avid Mbox Driver 1.0.19 (x86)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"{DFDDE8DC-7933-4EF9-A679-97C0BFAD8F32}" = Native Instruments Transistor Punch
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6430723-966F-4BB5-AD6A-6FFC5EDA8617}" = QL Stormdrum 2
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}" = Visual C++ Redistributables
"{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFF2A891-5CAF-4364-8AAC-4477B2FC2A50}_is1" = T-RackS 3 Classic Clipper version 3.5.1
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}" = Visual C++ Redistributables
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"minimoogv2_5_is1" = minimoog-v Original 2.5.3
"Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
"Mozilla Thunderbird 13.0.1 (x86 en-GB)" = Mozilla Thunderbird 13.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Komplete Synths" = Native Instruments Komplete Synths
"Native Instruments Maschine" = Native Instruments Maschine
"Native Instruments Maschine Controller" = Native Instruments Maschine Controller
"Native Instruments Maschine Controller Driver" = Native Instruments Maschine Controller Driver
"Native Instruments Maschine Factory Content" = Native Instruments Maschine Factory Content
"Native Instruments Maschine Factory Content 1.5" = Native Instruments Maschine Factory Content 1.5
"Native Instruments Maschine Mikro" = Native Instruments Maschine Mikro
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor 5 Factory Content" = Native Instruments Reaktor 5 Factory Content
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Transistor Punch" = Native Instruments Transistor Punch
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.62.1347" = Opera 11.62
"PROSet" = Intel® PRO Network Connections Drivers
"RarZilla Free Unrar" = RarZilla Free Unrar
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/06/2012 3:00:20 PM | Computer Name = GeorgePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2012 3:00:20 PM | Computer Name = GeorgePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2012 3:00:20 PM | Computer Name = GeorgePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2012 3:00:20 PM | Computer Name = GeorgePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2012 5:53:40 PM | Computer Name = GeorgePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/06/2012 5:53:40 PM | Computer Name = GeorgePC | Source = Windows Search Service | ID = 3013
Description =

Error - 20/06/2012 9:42:02 PM | Computer Name = GeorgePC | Source = Application Hang | ID = 1002
Description = The program MOVIEMK.exe version 6.0.6002.18273 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: fb4 Start Time: 01cd4f4c0a3eef90 Termination Time: 92

Error - 30/06/2012 1:41:09 PM | Computer Name = GeorgePC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 11.0.6002.18311 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 148c Start Time: 01cd56e77df16386 Termination Time: 6

Error - 30/06/2012 2:02:09 PM | Computer Name = GeorgePC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 11.0.6002.18311 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1430 Start Time: 01cd56ea6df38a98 Termination Time: 7

Error - 02/07/2012 5:10:14 PM | Computer Name = GeorgePC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 10.6.3.25 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: bf4 Start Time: 01cd58968f6f99c7 Termination Time: 9


< End of report >

#8
jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
  • Copy and paste/or attach that log as a reply to this topic
**Note** If no threats are found, there will not be a log created.
----------

In your next reply please post the logs made by Malwarebytes and ESET online scanner. :)

#9
creativesounds

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Jeff,

Thanks again for the help. Malwarebytes came back clean and so did ESET.

ESET Screenshot:
Posted Image


Malwarebytes Log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
George :: GEORGEPC [administrator]

03/07/2012 7:06:43 PM
mbam-log-2012-07-03 (19-06-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281427
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10
jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Great! How is your system running now? :)

#11
creativesounds

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Seems to be running smoothly (touch wood)... I guess this means the threat has probably been removed? Or is there something else we should try?

#12
jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

Providing there are no other malware related problems...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------

Clean up with OTL:
  • Right-click and Run as Administrator OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
If you didn't already have it I would keep Malwarebytes AntiMalware though.


Here are some tips to reduce the potential for spyware infection in the future:

1. Internet Explorer. Even if you don't use it as your main browser it should be kept up-to-date because that is the browser Windows uses for updates.
Make your Internet Explorer more secure
- This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
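The Internet Explorer hardening, Protected Mode and firewall items in the wrap-up post above are all done by hand through dialogs, which makes it easy to miss one. The script below is an added example for this thread (it is not from the post, from OTL or from ESET): a read-only audit that reads the same settings back from the registry and reports which ones still differ from what the post asks for. It assumes that IE keeps per-zone URL actions under the user's "Internet Settings\Zones\<n>" key with the standard action IDs listed in the code (zone 3 being the Internet zone, 2500 being Protected Mode), and that the firewall profile keys are the ones OTL printed earlier in this thread. It changes nothing.

```powershell
# Added example (not from the thread, OTL or ESET): read-only audit of the
# settings jeffce's wrap-up post asks the user to change by hand.
# Assumptions (mine, not the page's): the IE URL-action IDs below are the
# standard ones for each named setting, zone 3 is the Internet zone, and
# per-user values live under HKCU (a "use only machine settings" policy would
# move them to the same path under HKLM). Nothing here writes to the registry.

$ZoneKeyRoot     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$FirewallKeyRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

# Internet-zone settings from the post. Value meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
$InternetZoneWanted = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Get-ZoneAction {
    param([int]$Zone, [string]$Id)
    # Returns $null when the value is absent (IE then falls back to its built-in default).
    $props = Get-ItemProperty -Path "$ZoneKeyRoot\$Zone" -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$Id) { return $null }
    return [int]$props.$Id
}

function New-CheckResult {
    param([string]$Check, $Current, [int]$Wanted)
    $status = if ($current -eq $Wanted) { 'OK' } else { 'CHANGE' }
    [pscustomobject]@{ Check = $Check; Current = $Current; Wanted = $Wanted; Status = $status }
}

function Test-InternetZoneHardening {
    foreach ($s in $InternetZoneWanted) {
        New-CheckResult -Check $s.Name -Current (Get-ZoneAction -Zone 3 -Id $s.Id) -Wanted $s.Want
    }
}

function Test-ProtectedMode {
    # Action 2500 = "Turn on Protected Mode": 0 means on, 3 means off. The post wants it
    # on in Internet (3), Local Intranet (1), Trusted Sites (2) and Restricted Sites (4).
    $zones = @{ 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }
    foreach ($z in ($zones.Keys | Sort-Object)) {
        New-CheckResult -Check "Protected Mode: $($zones[$z])" -Current (Get-ZoneAction -Zone $z -Id '2500') -Wanted 0
    }
}

function Test-FirewallProfiles {
    # Same keys and value that OTL printed above; EnableFirewall = 1 means the profile is on.
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $props = Get-ItemProperty -Path "$FirewallKeyRoot\$profile" -ErrorAction SilentlyContinue
        $current = if ($null -ne $props -and $null -ne $props.EnableFirewall) { [int]$props.EnableFirewall } else { $null }
        New-CheckResult -Check "Windows Firewall: $profile" -Current $current -Wanted 1
    }
}

# Run every check; rows marked CHANGE (sorted first) are the ones still to fix in the dialogs.
$results = @(Test-InternetZoneHardening) + @(Test-ProtectedMode) + @(Test-FirewallProfiles)
$results | Sort-Object Status | Format-Table -AutoSize
```

Run it in a normal (non-elevated) PowerShell session as the user whose browser settings you changed, since the zone values are per user; the firewall keys are readable without elevation. A row showing an empty Current column means the value is not set at all and IE is using its default for that zone, which for the Internet zone is usually already Prompt or Disable for the ActiveX items but not necessarily for the rest.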

#13
creativesounds

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Jeff,

Thanks for the follow-up. Is it normal for OTL to take >20 minutes once the CleanUp button is pressed? It seems like it is frozen... not sure if I should kill it and try again?

#14
creativesounds

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok, seems to have finally asked for a reboot (50 minutes later). Ok, I have followed all steps. Thanks again for all your help Jeff!

#15
jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

You are more than welcome! Glad that I was able to help. :D