
Redirect bug!



#31
crossbow66

    Member

  • Topic Starter
  • Member
  • 55 posts
ESET Service Repair run.

Here's Farbar:

Farbar Service Scanner Version: 06-08-2012
Ran by Mark V. Sanderford (administrator) on 15-09-2012 at 14:34:02
Running from "C:\Documents and Settings\Mark V. Sanderford\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS.0\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS.0\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS.0\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS.0\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS.0\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS.0\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS.0\system32\netman.dll => MD5 is legit
C:\WINDOWS.0\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\srsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS.0\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS.0\system32\qmgr.dll => MD5 is legit
C:\WINDOWS.0\system32\es.dll => MD5 is legit
C:\WINDOWS.0\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\svchost.exe => MD5 is legit
C:\WINDOWS.0\system32\rpcss.dll => MD5 is legit
C:\WINDOWS.0\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000056000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0



#32
RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
It looks like your C:\WINDOWS.0\system32\sfcfiles.dll is infected or at least not right. I'll upload one from my XP in the next post. Download it, save it, right-click and Extract All. See if you can copy it to C:\WINDOWS.0\system32\sfcfiles.dll and overwrite the old one. If not, we can have OTL do it.
  • 0

#33
crossbow66

    Member

  • Topic Starter
  • Member
  • 55 posts
OK!
  • 0

#34
RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
Here it is
  • 0

#35
RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
Once you do that, run Combofix again and let's see if it is now happy with the file.

Farbar says BITS is still not running. Start, Run, services.msc, OK and find the Background Intelligent Transfer Service (BITS) and see if it has Started. If not, try to Start it and tell me what error you get, if any.
  • 0

#36
crossbow66

    Member

  • Topic Starter
  • Member
  • 55 posts
I've replaced the dll file - now for Combofix.
  • 0

#37
RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
Just checked and Farbar is correct. BITS start should be Automatic, so right-click on Background Intelligent Transfer Service (BITS) and select Properties, then change the Startup Type: to Automatic and Apply. Then try and Start the service.
  • 0

#38
crossbow66

    Member

  • Topic Starter
  • Member
  • 55 posts
RE: BITS
I set it on Automatic, OK, and tried to start it... got error #126: Service Module could not be found.

ComboFix 12-08-29.03 - Mark V. Sanderford 09/15/2012 14:57:09.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2523 [GMT -4:00]
Running from: c:\documents and settings\Mark V. Sanderford\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 17:00 . 2012-09-15 17:00 -------- d-----w- c:\documents and settings\Mark V. Sanderford\Application Data\QuickScan
2012-09-15 15:01 . 2012-09-15 15:01 -------- d-----w- c:\program files\ESET
2012-09-15 01:02 . 2012-09-15 01:02 -------- d-----w- C:\_OTL
2012-09-14 15:37 . 2012-09-14 15:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\boost_interprocess
2012-09-12 18:04 . 2012-09-12 18:04 -------- d-----w- C:\_OTM
2012-09-12 17:34 . 2012-09-12 17:34 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-12 11:02 . 2012-09-12 11:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\AdFender
2012-09-11 12:07 . 2012-09-11 12:07 -------- d-----w- c:\documents and settings\Mark V. Sanderford\Application Data\SUPERAntiSpyware.com
2012-09-11 12:07 . 2012-09-11 12:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-11 12:07 . 2012-09-11 12:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com
2012-09-11 11:36 . 2012-09-11 11:36 388096 ----a-r- c:\documents and settings\Mark V. Sanderford\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-11 11:36 . 2012-09-11 11:36 -------- d-----w- c:\program files\Trend Micro
2012-09-11 00:58 . 2012-09-11 00:58 -------- d-----w- c:\documents and settings\Administrator.MARK-59C0B947BC\Local Settings\Application Data\Opera
2012-09-11 00:56 . 2012-09-11 00:56 -------- d-----w- c:\documents and settings\Administrator.MARK-59C0B947BC\Application Data\CallingID
2012-09-11 00:56 . 2012-09-11 00:56 -------- d-sh--w- c:\documents and settings\Administrator.MARK-59C0B947BC\PrivacIE
2012-09-11 00:50 . 2012-09-11 00:50 -------- d-----w- c:\documents and settings\Administrator.MARK-59C0B947BC\Application Data\Malwarebytes
2012-09-11 00:39 . 2012-09-11 00:39 -------- d-sh--w- c:\documents and settings\Administrator.MARK-59C0B947BC\IETldCache
2012-09-10 21:00 . 2012-09-10 21:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-10 17:57 . 2008-04-14 05:48 52480 -c--a-w- c:\windows.0\system32\dllcache\i8042prt.sys
2012-09-10 17:57 . 2008-04-14 05:48 52480 ----a-w- c:\windows.0\system32\drivers\i8042prt.sys
2012-09-10 17:30 . 2012-09-15 17:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\RegRun
2012-09-10 17:30 . 2012-09-10 17:30 2 --shatr- c:\windows.0\winstart.bat
2012-09-10 17:30 . 2012-09-15 17:29 -------- d-----w- c:\program files\UnHackMe
2012-09-06 02:07 . 2012-09-06 02:07 -------- d-----w- c:\windows.0\system32\NtmsData
2012-09-05 01:48 . 2012-09-05 01:48 -------- d-----w- C:\Program Files (x86)
2012-08-29 19:51 . 2012-08-29 22:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-21 21:30 . 2012-08-21 21:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2012-08-21 21:30 . 2012-08-21 21:30 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 18:41 . 2009-02-03 13:00 16608 ----a-w- c:\windows.0\gdrv.sys
2012-09-07 21:04 . 2012-05-09 20:09 22856 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2012-08-15 13:05 . 2012-04-10 11:25 426184 ----a-w- c:\windows.0\system32\FlashPlayerApp.exe
2012-08-15 13:05 . 2011-05-20 13:10 70344 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-04-14 09:41 78336 ----a-w- c:\windows.0\system32\browser.dll
2012-07-04 14:05 . 2009-01-25 22:11 139784 ----a-w- c:\windows.0\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-04-14 05:00 1866112 ----a-w- c:\windows.0\system32\win32k.sys
2012-07-02 17:49 . 2008-04-14 09:42 916992 ----a-w- c:\windows.0\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 09:42 1469440 ------w- c:\windows.0\system32\inetcpl.cpl
2012-07-02 17:49 . 2008-04-14 09:41 43520 ------w- c:\windows.0\system32\licmgr10.dll
2012-07-02 12:05 . 2008-04-14 04:07 385024 ------w- c:\windows.0\system32\html.iec
2012-09-12 17:34 . 2011-03-23 22:06 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_18.01.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-15 18:41 . 2012-09-15 18:41 16384 c:\windows.0\Temp\Perflib_Perfdata_9f8.dat
+ 2012-09-15 18:41 . 2012-09-15 18:41 16384 c:\windows.0\Temp\Perflib_Perfdata_888.dat
+ 2012-03-21 00:44 . 2012-03-21 00:44 171064 c:\windows.0\system32\drivers\MpFilter.sys
+ 2012-09-10 21:00 . 2012-09-10 21:00 301056 c:\windows.0\Installer\a5a7ce.msi
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
+ 2012-09-10 21:00 . 2012-09-10 21:00 123352 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2012-09-12 17:56 . 2012-09-12 17:56 421888 c:\windows.0\erdnt\9-12-2012\Users\00000002\UsrClass.dat
+ 2012-09-12 17:56 . 2005-10-20 16:02 163328 c:\windows.0\erdnt\9-12-2012\ERDNT.EXE
- 2009-01-20 22:28 . 2009-01-20 22:28 1614848 c:\windows.0\system32\sfcfiles.dll
+ 2009-01-20 22:28 . 2008-04-14 09:00 1614848 c:\windows.0\system32\sfcfiles.dll
+ 2012-09-10 21:00 . 2012-09-10 21:00 1826304 c:\windows.0\Installer\a5a7d6.msi
+ 2012-09-11 11:36 . 2012-09-11 11:36 1094656 c:\windows.0\Installer\272a61.msi
+ 2012-09-12 17:56 . 2012-09-12 17:56 14794752 c:\windows.0\erdnt\9-12-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"MediaFire Tray"="c:\documents and settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe" [2012-08-16 2196040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"JMB36X IDE Setup"="c:\windows.0\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows.0\system32\xRaidSetup.exe" [2007-11-19 1966080]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"NeroCheck"="c:\windows.0\system32\NeroCheck.exe" [2001-08-06 155648]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-07 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"M-Audio Taskbar Icon"="c:\windows.0\System32\DeltaIITray.exe" [2008-03-03 236040]
"DeltaIITaskbarApp"="c:\windows.0\system32\DeltaIITray.exe" [2008-03-03 236040]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-12-22 240656]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2009-06-10 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]
.
c:\documents and settings\Mark V. Sanderford\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-9 113664]
.
c:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe [2012-6-20 2772112]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-3-7 221247]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-17 809488]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll" [2012-09-03 2611280]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS.0\\system32\\mmc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\AdFender\\AdFender.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 DigiFilter;DigiFilter;c:\windows.0\system32\drivers\DigiFilt.sys [2/9/2009 7:57 AM 16384]
R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [3/7/2009 2:41 AM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
R2 CIDLinkAdvisorService;CIDLinkAdvisorService;c:\program files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe [9/3/2012 6:47 AM 227408]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2/3/2009 9:04 AM 68136]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 11:03 AM 335888]
R2 LBeepKE;LBeepKE;c:\windows.0\system32\drivers\LBeepKE.sys [5/17/2009 12:41 PM 10384]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows.0\system32\nlssrv32.exe [2/21/2011 5:17 PM 66560]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [3/15/2009 4:14 PM 109096]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [12/1/2011 6:11 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [12/1/2011 6:11 AM 185640]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows.0\system32\drivers\deltaII.sys [2/8/2009 9:12 PM 302728]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows.0\system32\drivers\wdcsam.sys [8/5/2012 12:57 PM 11520]
S2 COM Service;COM Service;c:\program files\GIGABYTE\G.O.M\GCSVR.exe [2/3/2009 9:29 AM 16384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2010 11:02 AM 136176]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S2 WDFME;WD File Management Engine;"c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe" --> c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 7:25 AM 250056]
S3 epppdt;EPSON 1394.3 Class;c:\windows.0\system32\drivers\epppdt.sys [2/8/2009 6:10 PM 31275]
S3 epppdtpr;EPSON 1394.3 Printer Class;c:\windows.0\system32\drivers\epppdtpr.sys [2/8/2009 6:10 PM 14463]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2010 11:02 AM 136176]
S3 GVTDrv;GVTDrv;c:\windows.0\system32\drivers\GVTDrv.sys [2/3/2009 9:41 AM 24944]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 8:52 PM 114144]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [3/3/2009 2:19 PM 98488]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows.0\system32\drivers\usbbc.sys [3/18/2005 12:02 PM 15576]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows.0\Tasks\Adobe Flash Player Updater.job
- c:\windows.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 13:05]
.
2012-09-14 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-09-15 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 15:02]
.
2012-09-15 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 15:02]
.
2012-09-15 c:\windows.0\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2012-09-12 c:\windows.0\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2012-09-10 c:\windows.0\Tasks\SyncBack Archive.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-11-30 17:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-15 15:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c501\6&2e7ff71e&0&0000\LogConf]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c51b&MI_00\7&2c8221d9&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(4736)
c:\windows.0\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows.0\system32\ieframe.dll
c:\program files\Portrait Displays\Pivot Software\winphook.dll
c:\windows.0\system32\webcheck.dll
c:\windows.0\system32\WPDShServiceObj.dll
c:\windows.0\system32\PortableDeviceTypes.dll
c:\windows.0\system32\PortableDeviceApi.dll
.
Completion time: 2012-09-15 15:02:22
ComboFix-quarantined-files.txt 2012-09-15 19:02
ComboFix2.txt 2012-09-15 18:21
ComboFix3.txt 2012-09-15 14:53
.
Pre-Run: 129,645,936,640 bytes free
Post-Run: 129,618,993,152 bytes free
.
- - End Of File - - ED2893059FFCBDE7D4EE2900263FCA9E
  • 0

#39
RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
BITS uses this file:

C:\WINDOWS\system32\qmgr.dll

Is it there?

There should be another one somewhere. We can have OTL look for it.

Copy the text in the code box:

/md5start
qmgr.dll
/md5stop

Run OTL.

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes, then Run Scan.

You should get 1 log. Please copy and paste it.
  • 0
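The two checks RKinner is walking through here (is BITS set to Automatic, and is the qmgr.dll that BITS runs in actually on disk) are the same ones Farbar Service Scanner automates. As an added example, not code from this thread or from Farbar, OTL or ComboFix, the PowerShell script below reads a svchost-hosted service's Start value, ImagePath and ServiceDll from the registry, confirms the DLL exists, and prints its MD5 for comparison with a known-clean copy. A ServiceDll that is missing from disk is exactly the condition that makes services.msc report "Error 126: The specified module could not be found", so the script flags it explicitly. Assumptions: Windows PowerShell 2.0 or later in an administrator session; the expected defaults (Auto = 2 for BITS and wuauserv, DLL names qmgr.dll and wuauserv.dll) are taken from the Farbar output earlier in the thread; the system root is read from the registry rather than hard-coded, since this machine uses C:\WINDOWS.0.

```powershell
# Added example: defender-side check of svchost-hosted services (BITS, wuauserv).
# Not part of the thread or of any of the tools it mentions.
# Assumes PowerShell 2.0+ and an administrator session.

# Registry Start values as Farbar reports them.
$StartTypeNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

# Expected XP SP3 configuration for the two services discussed in the thread
# (values constructed from the Farbar log above, not a complete baseline).
$Expected = @{
    'BITS'     = @{ Start = 2; Dll = 'qmgr.dll' }
    'wuauserv' = @{ Start = 2; Dll = 'wuauserv.dll' }
}

function Get-FileMd5 {
    param([string]$Path)
    # MD5 is used only because that is what Farbar/OTL compare; it is a
    # whitelist match, not a security hash.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', ''
    } finally {
        $stream.Close()
    }
}

function Test-SvchostService {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $findings = @()

    if (-not (Test-Path $key)) {
        return New-Object PSObject -Property @{ Name = $Name; Findings = @('service key missing') }
    }

    $cfg = Get-ItemProperty -Path $key
    $startName = $StartTypeNames[[int]$cfg.Start]
    if ($Expected.ContainsKey($Name) -and [int]$cfg.Start -ne $Expected[$Name].Start) {
        $findings += "start type is $startName, default is $($StartTypeNames[$Expected[$Name].Start])"
    }

    # A svchost-hosted service must point ImagePath at svchost.exe ...
    if ($cfg.ImagePath -notmatch 'svchost\.exe') {
        $findings += "ImagePath is not svchost: $($cfg.ImagePath)"
    }

    # ... and name the real worker DLL under Parameters\ServiceDll.
    # Get-ItemProperty already expands %SystemRoot% in REG_EXPAND_SZ values;
    # expanding again is harmless and covers plain REG_SZ entries.
    $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
    $dll = $null
    if ($params -and $params.ServiceDll) {
        $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
    }

    $md5 = $null
    if (-not $dll) {
        $findings += 'ServiceDll value missing'
    } elseif ($Expected.ContainsKey($Name) -and
              [IO.Path]::GetFileName($dll) -ine $Expected[$Name].Dll) {
        $findings += "ServiceDll points at an unexpected file: $dll"
    } elseif (-not (Test-Path -LiteralPath $dll)) {
        # This is the condition behind "Error 126" from services.msc.
        $findings += "ServiceDll file is missing on disk: $dll (start would fail with error 126)"
    } else {
        $md5 = Get-FileMd5 -Path $dll
    }

    $running = $false
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) { $running = ($svc.Status -eq 'Running') }

    New-Object PSObject -Property @{
        Name       = $Name
        StartType  = $startName
        Running    = $running
        ServiceDll = $dll
        Md5        = $md5
        Findings   = $findings
    }
}

foreach ($name in 'BITS', 'wuauserv') {
    $r = Test-SvchostService -Name $name
    "{0}: start={1} running={2}" -f $r.Name, $r.StartType, $r.Running
    if ($r.ServiceDll) { "  ServiceDll: $($r.ServiceDll)" }
    if ($r.Md5)        { "  MD5: $($r.Md5)  (compare with a clean XP SP3 copy)" }
    foreach ($f in $r.Findings) { "  ! $f" }
}
```

Run it from an elevated PowerShell prompt with no arguments. A clean machine prints both services with start=Auto and no "!" lines; the state described in the thread (BITS on Demand, then a start failure with error 126) shows up as one finding for the start type and one for the DLL path. The script does not change anything, so it is safe to run before and after a repair to confirm that the ServiceDll and start type are back to the defaults.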

#40
crossbow66

    Member

  • Topic Starter
  • Member
  • 55 posts
qmgr.dll appears to be where it should be...

Here's OTL's log:

OTL logfile created on: 9/15/2012 3:48:05 PM - Run 5
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.42% Memory free
5.19 Gb Paging File | 4.43 Gb Available in Paging File | 85.45% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 120.76 Gb Free Space | 43.21% Space Free | Partition Type: NTFS
Drive D: | 596.16 Gb Total Space | 128.25 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 1396.92 Gb Total Space | 444.51 Gb Free Space | 31.82% Space Free | Partition Type: FAT32
Drive I: | 465.73 Gb Total Space | 78.27 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: MARK-59C0B947BC | User Name: Mark V. Sanderford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 07:55:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\OTL.com
PRC - [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
PRC - [2012/09/03 06:47:30 | 001,353,808 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobal.exe
PRC - [2012/09/03 06:47:22 | 001,378,384 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Light\CIDGlobalLight.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/20 03:30:04 | 002,772,112 | ---- | M] (AdFender, Inc.) -- C:\Program Files\AdFender\AdFender.exe
PRC - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS.0\system32\nlssrv32.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/28 09:54:13 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/24 21:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/11/13 08:32:51 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/06/18 06:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.0\SoundMan.exe
PRC - [2008/06/06 12:39:52 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/06/06 11:42:10 | 000,324,096 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
PRC - [2008/05/01 07:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/14 05:42:26 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\mmc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/09 01:15:10 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
PRC - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006/07/22 21:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/12/17 10:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS.0\Logi_MwX.Exe


========== Modules (No Company Name) ==========

MOD - [2012/09/12 13:34:36 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/03 06:47:34 | 000,071,760 | ---- | M] () -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobalPS.dll
MOD - [2012/06/14 06:46:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 22:37:11 | 014,329,856 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012/06/13 22:37:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 22:36:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 22:36:51 | 012,218,368 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/06/13 22:36:19 | 000,069,120 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/05/12 09:00:57 | 000,998,400 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/11 23:12:38 | 000,220,672 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
MOD - [2012/05/11 23:10:52 | 000,224,768 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
MOD - [2012/05/11 23:10:38 | 000,771,584 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 23:10:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/05/11 23:09:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 23:09:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 23:09:51 | 007,953,408 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 23:09:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/09/10 11:58:42 | 000,098,304 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
MOD - [2008/06/06 12:40:08 | 000,151,552 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2008/06/06 12:40:02 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008/06/06 12:39:46 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008/04/09 19:15:54 | 000,103,472 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/04/09 19:15:54 | 000,038,960 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
MOD - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/12 13:34:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) [Auto | Running] -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe -- (CIDLinkAdvisorService)
SRV - [2012/08/15 09:05:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS.0\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/11 15:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/31 00:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe -- (COM Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\delta.sys -- (DELTA)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\MARKV~1.SAN\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/15 14:41:23 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\gdrv.sys -- (gdrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/05/20 19:21:56 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/02/03 09:44:10 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:18 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/11/25 23:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/30 22:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/07/24 06:02:44 | 004,749,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/02 03:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/09 01:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 01:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/03/03 11:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\deltaII.sys -- (DELTAII)
DRV - [2008/02/18 15:36:14 | 000,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/18 15:36:14 | 000,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/18 15:36:14 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS.0\system32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2008/02/18 15:36:04 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS.0\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/09/05 13:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/02/09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/12/08 22:50:28 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/10/24 02:02:00 | 000,031,275 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdt.sys -- (epppdt)
DRV - [2006/10/24 02:02:00 | 000,014,463 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdtpr.sys -- (epppdtpr)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\speedfan.sys -- (speedfan)
DRV - [2005/03/18 12:02:04 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS.0\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6B9C2291-9A24-482B-846C-6F00E42FF097}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{AF36D2FC-9772-4B32-BE16-3D7964F73A8B}: "URL" = http://www.google.co...:0000FF;FORID:1
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://search.callin...ie&p=go&cid=yes
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:0.9.8.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.0.11.2m
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}:2.0.0.248
FF - prefs.js..extensions.enabledAddons: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:2.0.0.248
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: {fbc8441e-a153-45b0-8e93-87521a5812a1}:2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/07/10 23:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/09/23 08:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\Firefox [2012/09/05 15:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/12 13:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/30 21:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 21:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]

[2009/02/06 14:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions
[2010/08/27 11:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions
[2009/11/15 17:08:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/11/15 17:08:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/11/15 17:08:16 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\extensions(2)
[2009/11/15 16:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (SafeCache) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DT Whois) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2012/09/15 13:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions
[2011/05/14 07:43:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/27 11:57:13 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2012/05/24 21:26:20 | 000,000,000 | ---D | M] (Green Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2012/09/15 13:00:38 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/04/10 22:55:52 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{fbc8441e-a153-45b0-8e93-87521a5812a1}
[2009/11/06 07:43:07 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2011/08/14 21:41:24 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:48 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:54 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2008/03/20 15:43:48 | 000,001,182 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2008/04/07 19:41:16 | 000,001,937 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2009/06/16 23:52:20 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2009/06/16 23:18:30 | 000,001,423 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2011/10/31 12:45:10 | 000,148,816 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/09/10 22:08:22 | 000,010,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/07/24 19:20:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/10 22:03:28 | 000,016,192 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/09/05 15:44:56 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\searchplugins\CallingID.xml
[2011/11/12 20:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 15:36:30 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Mouseover) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\LINKADVISOR\FIREFOX
[2012/09/05 15:36:31 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Toolbar) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\TOOLBAR\FIREFOX
[2012/09/12 13:34:37 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/12 13:34:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 15:44:54 | 000,001,770 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\CallingID.xml
[2012/09/12 13:34:35 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Frame Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarFramePlugin.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Dummy Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarDummyPlugin.dll
CHR - plugin: CallingID Link Advisor (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\npCIDLinkAdvisorPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: CallingID LinkAdvisor 2.0 Toolbar = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\
CHR - Extension: CallingID LinkAdvisor 2.0 = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\

O1 HOSTS File: ([2012/09/15 14:17:57 | 000,000,027 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (CallingID LinkAdvisor 2.0 BHO) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS.0\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS.0\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS.0\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS.0\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS.0\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS.0\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.0\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS.0\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.0\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [MediaFire Tray] C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe (MediaFire LLC)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233954073359 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34DBFE19-A977-4D7A-B186-B533AFA0CE81}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.0\system32\userinit.exe) - C:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/06 22:54:26 | 000,000,000 | ---D | M] - C:\AutoApplyConvert -- [ NTFS ]
O32 - AutoRun File - [2004/11/14 06:52:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | R--D | M] - G:\AUTORUN -- [ FAT32 ]
O32 - AutoRun File - [2006/10/21 14:07:54 | 000,020,992 | ---- | M] () - G:\Autoparts warehouse letter.doc -- [ FAT32 ]
O32 - AutoRun File - [2006/10/20 09:35:42 | 022,722,519 | ---- | M] () - G:\Autoparts warehouse receipt.psd -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/15 14:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\CC Support
[2012/09/15 13:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\QuickScan
[2012/09/15 11:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/14 22:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\AllUCDLs
[2012/09/14 21:02:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/14 17:14:56 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
[2012/09/14 16:50:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
[2012/09/14 11:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\boost_interprocess
[2012/09/12 14:04:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/12 13:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 8
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\AdFender
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AdFender
[2012/09/11 08:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Google Chrome
[2012/09/11 08:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SUPERAntiSpyware
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\HiJackThis
[2012/09/10 18:13:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark V. Sanderford\Recent
[2012/09/10 18:04:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\My eMusic
[2012/09/10 17:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/10 13:57:14 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\i8042prt.sys
[2012/09/10 13:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/10 13:35:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWREG.exe
[2012/09/10 13:35:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWSC.exe
[2012/09/10 13:35:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWXCACLS.exe
[2012/09/10 13:35:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS.0\NIRCMD.exe
[2012/09/10 13:35:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/10 13:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\erdnt
[2012/09/10 13:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RegRun
[2012/09/10 13:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\My Documents\RegRun2
[2012/09/10 13:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2012/09/05 22:07:03 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\NtmsData
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Fix Redirect Virus
[2012/09/03 22:04:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\eMusic 3
[2012/08/29 17:38:40 | 004,740,381 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/29 15:51:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

========== Files - Modified Within 30 Days ==========

[2012/09/15 15:05:00 | 000,000,834 | ---- | M] () -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2012/09/15 15:04:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/15 14:41:36 | 000,206,492 | ---- | M] () -- C:\WINDOWS.0\System32\nvapps.xml
[2012/09/15 14:41:23 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS.0\gdrv.sys
[2012/09/15 14:41:14 | 000,012,598 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2012/09/15 14:41:14 | 000,000,906 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/15 14:41:14 | 000,000,304 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/15 14:40:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2012/09/15 14:40:43 | 3487,879,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/15 14:28:17 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ServicesRepair.exe
[2012/09/15 14:17:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\hosts
[2012/09/15 13:54:01 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\VEW.exe
[2012/09/15 01:46:42 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/09/15 01:46:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/14 21:34:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat
[2012/09/14 17:14:56 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
[2012/09/14 16:50:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
[2012/09/14 14:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2012/09/13 23:45:56 | 003,950,886 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 6.mp3
[2012/09/12 14:26:57 | 043,061,879 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 14:26:44 | 032,804,864 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 08:48:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/12 07:02:05 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 20:13:30 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:21 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:12:20 | 143,963,704 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:12:07 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:10:31 | 118,396,816 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:05:32 | 001,330,432 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 20:05:20 | 266,099,756 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 19:29:28 | 287,388,180 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:29:28 | 001,434,784 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:57:46 | 001,437,284 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 18:57:45 | 287,897,904 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 17:00:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS.0\epplauncher.mif
[2012/09/10 13:36:06 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/09/10 13:30:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS.0\System32\CONFIG.NT
[2012/09/10 13:30:42 | 000,001,688 | ---- | M] () -- C:\WINDOWS.0\System32\AUTOEXEC.NT
[2012/09/10 13:30:42 | 000,000,002 | RHS- | M] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 09:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.0\tasks\SyncBack Archive.job
[2012/09/10 07:00:24 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to Unsung.lnk
[2012/09/10 07:00:06 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to uploads.lnk
[2012/09/10 06:59:39 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys
[2012/08/29 23:29:30 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/29 17:38:46 | 004,740,381 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/28 14:10:52 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/08/26 21:36:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012/09/15 14:28:13 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ServicesRepair.exe
[2012/09/15 13:54:01 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\VEW.exe
[2012/09/15 01:46:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/14 17:14:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat
[2012/09/13 23:45:48 | 003,950,886 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 6.mp3
[2012/09/12 14:24:50 | 032,804,864 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 14:24:38 | 043,061,879 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 07:02:05 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 21:01:02 | 3487,879,168 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/10 20:13:30 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:06 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:10:36 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:10:31 | 143,963,704 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:10:29 | 118,396,816 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:05:28 | 266,099,756 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 20:05:28 | 001,330,432 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 19:25:43 | 287,388,180 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:25:43 | 001,434,784 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:55:00 | 287,897,904 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 18:55:00 | 001,437,284 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 17:00:12 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/10 13:36:06 | 000,000,214 | ---- | C] () -- C:\Boot.bak
[2012/09/10 13:36:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/10 13:35:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS.0\PEV.exe
[2012/09/10 13:35:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS.0\MBR.exe
[2012/09/10 13:35:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS.0\sed.exe
[2012/09/10 13:35:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS.0\grep.exe
[2012/09/10 13:35:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS.0\zip.exe
[2012/09/10 13:30:42 | 000,000,002 | RHS- | C] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 06:57:00 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/08/30 21:12:59 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/29 23:29:33 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/28 14:10:52 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/03/31 10:50:09 | 000,000,533 | ---- | C] () -- C:\Program Files\Shortcut to Windows Media Player.lnk
[2012/03/15 19:59:15 | 000,000,010 | ---- | C] () -- C:\WINDOWS.0\3aline.ini
[2012/03/12 21:41:27 | 000,350,418 | ---- | C] () -- C:\WINDOWS.0\uninstall Digital_.exe
[2012/02/27 15:44:48 | 000,326,144 | ---- | C] () -- C:\WINDOWS.0\System32\SilverEfexPro2FC32.dll
[2012/02/20 18:30:17 | 000,038,351 | ---- | C] () -- C:\WINDOWS.0\System32\jcsball.dat
[2012/02/20 18:30:17 | 000,020,755 | ---- | C] () -- C:\WINDOWS.0\System32\jerror.dat
[2012/02/15 04:27:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\System32\iacenc.dll
[2012/02/05 11:03:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS.0\System32\nvModes.dat
[2012/01/08 17:37:06 | 000,001,213 | ---- | C] () -- C:\WINDOWS.0\_ISENV31.INI
[2011/05/23 23:04:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS.0\System32\rp_stats.dat
[2011/05/23 23:04:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS.0\System32\rp_rules.dat
[2009/11/20 19:20:43 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Eudora.lnk
[2009/11/09 19:00:48 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\fusioncache.dat
[2009/03/03 14:19:42 | 008,544,256 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\sandra.mda
[2009/01/27 17:53:55 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< MD5 for: QMGR.DLL >
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS.0\erdnt\cache\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS.0\system32\dllcache\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS.0\system32\qmgr.dll

< End of report >
  • 0

#41 crossbow66 (Topic Starter, Member, 55 posts)
Well, I don't see them...
  • 0

#42 RKinner (Malware Expert, MVP, 19,794 posts)
Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and, depending on the system, run GrantPerms.exe or GrantPerms64.exe.
Copy and paste the following into the edit box:

C:\WINDOWS.0\system32\qmgr.dll

Click Unlock. When it is done, click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run from.

Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS /s > \junk.txt

Start, Run, cmd, OK to bring up a Command Window. Right-click and Paste (or Edit, then Paste) and the copied line should appear. Hit Enter.

Now type:

notepad \junk.txt

Copy and paste the text from Notepad.
  • 0

#43 crossbow66 (Topic Starter, Member, 55 posts)
GrantPerms by Farbar
Ran by Mark V. Sanderford (administrator) at 2012-09-15 16:17:57

===============================================
\\?\C:\WINDOWS.0\system32\qmgr.dll

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ Background Intelligent Transfer Service
DependOnService REG_MULTI_SZ Rpcss\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
FailureActions REG_BINARY 0000000000000000000000000300000068E30C000100000060EA00000100000060EA00000100000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters
ServiceDll REG_EXPAND_SZ %systemroot%\system32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum
0 REG_SZ Root\LEGACY_BITS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
  • 0
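Added example (not part of the thread, and not Farbar's or RKinner's code): the `Security` REG_BINARY value under the BITS key in the reg query output above is the service's own security descriptor in self-relative form, and it is worth decoding rather than eyeballing, because a service whose DACL hands SERVICE_CHANGE_CONFIG, WRITE_DAC or WRITE_OWNER to a non-admin principal can have its ImagePath/ServiceDll repointed or its ACL rewritten by any process running as that principal. The Python below parses the header, SACL, DACL, owner and group, names the well-known SIDs, and reports any such grant. The hex blob is copied from the post; the SID and rights names are from the Windows well-known SID list and winsvc.h; the "tampered" variant in the usage note is constructed for illustration by setting one extra bit in the Authenticated Users ACE.

```python
"""Decode a Windows service security descriptor (the Security REG_BINARY value
under HKLM\\SYSTEM\\CurrentControlSet\\Services\\<svc>\\Security) and flag
ACEs that would let a low-privileged principal tamper with the service."""
import struct

# Constructed input: the BITS Security value copied from the reg query output above.
BITS_SECURITY_HEX = (
    "01001480900000009C000000140000003000000002001C000100000002801400"
    "FF010F00010100000000000100000000020060000400000000001400FD010200"
    "01010000000000051200000000001800FF010F00010200000000000520000000"
    "20020000000014008D01020001010000000000050B00000000001800FD010200"
    "0102000000000005200000002302000001010000000000051200000001010000"
    "0000000512000000"
)

# Service-specific rights (winsvc.h) plus the standard rights that matter here.
SERVICE_RIGHTS = {
    0x00001: "QUERY_CONFIG", 0x00002: "CHANGE_CONFIG", 0x00004: "QUERY_STATUS",
    0x00008: "ENUMERATE_DEPENDENTS", 0x00010: "START", 0x00020: "STOP",
    0x00040: "PAUSE_CONTINUE", 0x00080: "INTERROGATE", 0x00100: "USER_DEFINED_CONTROL",
    0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER",
}
SERVICE_ALL_ACCESS = 0xF01FF
# Rights that let a principal repoint ImagePath/ServiceDll or rewrite the ACL itself.
TAMPER_RIGHTS = {0x00002: "CHANGE_CONFIG", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}
TRUSTED_SIDS = {"S-1-5-18", "S-1-5-32-544"}            # SYSTEM, Administrators
WELL_KNOWN_SIDS = {
    "S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users", "S-1-5-18": "SYSTEM",
    "S-1-5-32-544": "Administrators", "S-1-5-32-547": "Power Users",
}
ACE_TYPES = {0: "ALLOW", 1: "DENY", 2: "AUDIT"}
SE_DACL_PRESENT, SE_SACL_PRESENT = 0x0004, 0x0010


def parse_sid(buf, off):
    """Parse a binary SID at buf[off]; return (string SID, byte length)."""
    rev, sub_count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")    # 48-bit, big-endian
    subs = struct.unpack_from("<%dI" % sub_count, buf, off + 8)
    return "S-%d-%d%s" % (rev, authority, "".join("-%d" % s for s in subs)), 8 + 4 * sub_count


def parse_acl(buf, off):
    """Parse an ACL at buf[off] into a list of ACE dicts (type, flags, mask, sid)."""
    _rev, _sbz1, _size, count, _sbz2 = struct.unpack_from("<BBHHH", buf, off)
    aces, pos = [], off + 8
    for _ in range(count):
        ace_type, flags, ace_size, mask = struct.unpack_from("<BBHI", buf, pos)
        sid, _ = parse_sid(buf, pos + 8)
        aces.append({"type": ACE_TYPES.get(ace_type, "TYPE_%d" % ace_type),
                     "flags": flags, "mask": mask, "sid": sid})
        pos += ace_size            # AceSize from the header drives the walk
    return aces


def parse_service_sd(hex_blob):
    """Decode a self-relative SECURITY_DESCRIPTOR from its registry hex dump."""
    buf = bytes.fromhex(hex_blob)
    _rev, _sbz1, control, o_owner, o_group, o_sacl, o_dacl = struct.unpack_from("<BBHIIII", buf, 0)
    return {
        "control": control,
        "owner": parse_sid(buf, o_owner)[0] if o_owner else None,
        "group": parse_sid(buf, o_group)[0] if o_group else None,
        "sacl": parse_acl(buf, o_sacl) if (control & SE_SACL_PRESENT and o_sacl) else [],
        "dacl": parse_acl(buf, o_dacl) if (control & SE_DACL_PRESENT and o_dacl) else [],
    }


def rights_names(mask):
    """Human-readable list of the rights set in an access mask."""
    if mask & SERVICE_ALL_ACCESS == SERVICE_ALL_ACCESS:
        return ["SERVICE_ALL_ACCESS"]
    return [name for bit, name in SERVICE_RIGHTS.items() if mask & bit]


def principal(sid):
    return WELL_KNOWN_SIDS.get(sid, sid)


def find_tamper_grants(sd):
    """(principal, right) pairs where someone other than SYSTEM/Administrators is
    ALLOWed a right that permits reconfiguring the service or rewriting its ACL."""
    hits = []
    for ace in sd["dacl"]:
        if ace["type"] != "ALLOW" or ace["sid"] in TRUSTED_SIDS:
            continue
        hits.extend((principal(ace["sid"]), name)
                    for bit, name in TAMPER_RIGHTS.items() if ace["mask"] & bit)
    return hits


def describe(sd):
    """One line for owner/group, then one per ACE, e.g. 'DACL ALLOW Power Users: ...'."""
    lines = ["Owner: %s  Group: %s" % (principal(sd["owner"]), principal(sd["group"]))]
    for acl_name in ("sacl", "dacl"):
        for ace in sd[acl_name]:
            lines.append("%s %s %s: %s" % (acl_name.upper(), ace["type"], principal(ace["sid"]),
                                            ", ".join(rights_names(ace["mask"]))))
    return lines


if __name__ == "__main__":
    sd = parse_service_sd(BITS_SECURITY_HEX)
    print("\n".join(describe(sd)))
    print("tamper-capable non-admin grants:", find_tamper_grants(sd) or "none")
```

Run as-is, it decodes the posted blob to owner and group SYSTEM, one failed-access audit ACE for Everyone, and four allow ACEs: SYSTEM and Power Users with everything except CHANGE_CONFIG, Administrators with SERVICE_ALL_ACCESS, and Authenticated Users with query/interrogate rights only (no START or STOP), so `find_tamper_grants` returns nothing and the BITS descriptor itself is not what is stopping the service. To see the check fire, replace the Authenticated Users mask bytes `8D010200` with `8F010200` in the constant (a constructed, not observed, tampering) and the same function reports `("Authenticated Users", "CHANGE_CONFIG")`.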

#44 crossbow66 (Topic Starter, Member, 55 posts)
Not sure that worked...

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ Background Intelligent Transfer Service
DependOnService REG_MULTI_SZ Rpcss\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
FailureActions REG_BINARY 0000000000000000000000000300000068E30C000100000060EA00000100000060EA00000100000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters
ServiceDll REG_EXPAND_SZ %systemroot%\system32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum
0 REG_SZ Root\LEGACY_BITS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
  • 0

#45 RKinner (Malware Expert, MVP, 19,794 posts)
Does BITS still not want to start with the same error?
  • 0