Welcome to MalwareRemoval.com
Email sending/receiving fake canada post messages

Post by sean1976 » April 17th, 2012, 2:36 pm

My computer has been getting a lot of fake Canada Post messages ("package unable to be delivered") and today started sending them out as spam! My antivirus and SpyHunter say I'm clean, help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:35:05 PM, on 4/17/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Sean\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
F3 - REG:win.ini: load=C:\Users\Sean\LOCALS~1\Temp\msvaoe.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WeatherEye] C:\Users\Sean\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user')
O4 - Startup: Thumbs.db
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files (x86)\Common Files\eMail ID\IconixService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12852 bytes
sean1976
Active Member
 
Posts: 7
Joined: April 17th, 2012, 2:32 pm
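The log above is the kind of thing the volunteers here read by eye. As an added example (not part of the original thread, and not code from HijackThis, DDS or any other tool named in it), the following Python script applies the first-pass checks a triager makes to a handful of lines copied from that HijackThis log: is the legacy win.ini `load=` value populated (it is empty on a clean system and is an autostart that runs at every logon), does an autostart entry point into a directory any user can write to such as `%TEMP%`, `AppData` or `ProgramData`, and is an O23 "(file missing)" a genuinely dangling service or the usual artifact of running the 32-bit HijackThis 2.0.4 on 64-bit Windows, where WoW64 file-system redirection makes System32 binaries look absent. The sample lines, the directory list and the "SysWOW64 in the log means 64-bit host" heuristic are the assumptions; the script decides nothing about whether a file is malicious, it only orders what to look at first.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: a few lines in HijackThis 2.0.4 format, copied from the
# log posted above. The full log is not needed to show the triage.
SAMPLE_HJT_LOG = r"""
Platform: Windows 7 SP1 (WinNT 6.00.3505)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F3 - REG:win.ini: load=C:\Users\Sean\LOCALS~1\Temp\msvaoe.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Users\Sean\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# "O4 - <body>", "F3 - <body>", ...; lines without a section code are ignored.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path ending in an executable-type extension; paths may contain spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|sys|com|bat|cmd|pif)\b", re.IGNORECASE)
# Directories a standard user can write to (assumed list); an autostart pointing here
# deserves a look before anything under Program Files does.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Temp|AppData|ProgramData|LOCALS~1|Users\\Public)\\", re.IGNORECASE
)


@dataclass
class Finding:
    code: str
    line: str
    path: str
    reasons: List[str] = field(default_factory=list)


def triage_hjt(log_text: str) -> List[Finding]:
    """Return the log entries worth a second look, each with the reasons it was flagged."""
    lines = [l.strip() for l in log_text.strip().splitlines()]
    # HijackThis 2.0.4 is a 32-bit binary; on 64-bit Windows, WoW64 file-system redirection
    # makes it report System32 services as "(file missing)". Heuristic: any SysWOW64 path in
    # the log means the host is 64-bit.
    is_64bit = any("syswow64" in l.lower() for l in lines)
    findings: List[Finding] = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        pm = PATH_RE.search(body)
        path = pm.group(0) if pm else ""
        reasons: List[str] = []
        # F3 win.ini "load=" (mapped to HKCU\...\Windows\Load on NT) is empty on a clean
        # system; anything listed here runs at every logon.
        if code == "F3" and re.search(r"\bload=\S", body, re.IGNORECASE):
            reasons.append("legacy win.ini Load autostart is populated")
        if path and USER_WRITABLE_RE.search(path):
            reasons.append("autostart target lives in a user-writable directory")
        if "(file missing)" in body:
            if is_64bit and re.search(r"\\Windows\\system32\\", path, re.IGNORECASE):
                reasons.append(
                    "'(file missing)' on System32 is likely a WoW64 redirection artifact; "
                    "verify with a 64-bit tool before acting on it"
                )
            else:
                reasons.append("registered binary not found on disk (dangling entry)")
        if reasons:
            findings.append(Finding(code, line, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f.code}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample, the `F3 ... load=...\Temp\msvaoe.exe` line is the only entry that trips two rules at once (a normally-empty autostart value, pointing into a temp directory), the WeatherEye entry is flagged only for its AppData location, and the lsass.exe "(file missing)" is classified as a probable redirection artifact rather than a dangling service; the Adobe and Steam entries pass. That ordering is the point: the tool does not name malware, it tells a human which lines to research first.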

Re: Email sending/receiving fake canada post messages

Post by maxi » April 17th, 2012, 2:38 pm

Hello sean1976,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.
Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights (permissions) for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

Please read all instructions carefully before executing them, and perform the steps in the order given.
If you have any questions or problems executing these instructions, <<STOP>>, do not proceed, and post back with the question or problem.

Please download DDS by sUBs from one of the links below, save it to your Desktop (Note: It must be in this location).
Please disable any anti-malware program that will block scripts from running before running DDS.

  • Right-Click on dds.scr And select " Run as administrator "... and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Regards, maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Email sending/receiving fake canada post messages

Post by sean1976 » April 17th, 2012, 11:15 pm

Hi Maxi! Erin go Bragh! Here's the .txt file :)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Sean at 23:08:06 on 2012-04-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.6183 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Enabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Common Files\eMail ID\IconixService.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Sean\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/?rlz=1V1IPYX
uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mWinlogon: Userinit=userinit.exe
uWindows: Load=C:\Users\Sean\LOCALS~1\Temp\msvaoe.exe
BHO: AutorunsDisabled - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WeatherEye] C:\Users\Sean\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.db
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7F64F1C9-7DDB-4F95-92AC-48593C608B4E} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AutorunsDisabled - No File
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Vuze Remote - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: IconixBHOClass Class: {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\vlfhhzau.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npIconixProxy110.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-1-30 586880]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-3-5 235752]
R2 IconixService;Iconix Update Service;C:\Program Files (x86)\Common Files\eMail ID\IconixService.exe [2012-4-17 284512]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-17 1153368]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-18 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 253088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 zghsdiag;ZTE General Handset Diagnostic Port;C:\Windows\system32\DRIVERS\zghsdiag.sys --> C:\Windows\system32\DRIVERS\zghsdiag.sys [?]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\Windows\system32\DRIVERS\zghsmdm.sys --> C:\Windows\system32\DRIVERS\zghsmdm.sys [?]
S3 zghsnmea;ZTE General Handset NMEA Port;C:\Windows\system32\DRIVERS\zghsnmea.sys --> C:\Windows\system32\DRIVERS\zghsnmea.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-18 02:59:49 -------- d-----w- C:\Users\Sean\AppData\Local\{1403CD56-067F-41B8-BA65-DDEE60928F9C}
2012-04-18 02:59:26 -------- d-----w- C:\Users\Sean\AppData\Local\{56F0F5B5-5DB0-4EFB-9C10-57AA3EF3A793}
2012-04-17 18:23:56 -------- d-----w- C:\Users\Sean\AppData\Roaming\eMail ID
2012-04-17 18:23:56 -------- d-----w- C:\ProgramData\eMail ID
2012-04-17 18:23:47 670560 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{852B9B5F-E8A7-49b4-B7C3-79A3E8A829F6}\components\IconixFF110_1.dll
2012-04-17 18:23:47 196448 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npIconixProxy110.dll
2012-04-17 18:23:46 -------- d-----w- C:\Program Files (x86)\Common Files\eMail ID
2012-04-17 18:23:43 -------- d-----w- C:\Program Files (x86)\eMail ID
2012-04-17 18:22:15 388096 ----a-r- C:\Users\Sean\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-17 18:22:15 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-17 16:42:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-17 16:42:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-17 08:33:00 -------- d-----w- C:\Users\Sean\AppData\Local\{ECCDC2CE-D862-4824-9214-3710B408F3F0}
2012-04-17 08:32:49 -------- d-----w- C:\Users\Sean\AppData\Local\{76082495-F882-46AF-B20A-B67BEC6CFA31}
2012-04-16 18:58:19 -------- d-----w- C:\Users\Sean\AppData\Local\{75E527CF-F68F-4208-9AD6-34FFACAEF431}
2012-04-16 18:57:57 -------- d-----w- C:\Users\Sean\AppData\Local\{E57FF5D3-6F00-48A4-AE09-D0666FB051A0}
2012-04-16 06:57:29 -------- d-----w- C:\Users\Sean\AppData\Local\{CA5B23BC-F42D-4125-A766-BF13408B614D}
2012-04-16 06:57:06 -------- d-----w- C:\Users\Sean\AppData\Local\{E8BE0F0B-684C-4447-9FFF-724E9846299F}
2012-04-15 18:56:37 -------- d-----w- C:\Users\Sean\AppData\Local\{F2BAA73D-579F-4DF1-B26A-E3937574CFD6}
2012-04-15 18:56:15 -------- d-----w- C:\Users\Sean\AppData\Local\{F52FB919-4C5F-4CBC-83DB-0F35751B970D}
2012-04-15 06:55:45 -------- d-----w- C:\Users\Sean\AppData\Local\{DD059073-6487-42AF-A82F-A04370B8D283}
2012-04-15 06:55:21 -------- d-----w- C:\Users\Sean\AppData\Local\{5056E0CD-A37E-4CB8-9B64-E2CB3C011606}
2012-04-14 17:28:38 -------- d-----w- C:\Users\Sean\AppData\Local\{B89D655E-3EBA-490B-A1A9-E32A3F2A9AF4}
2012-04-14 17:28:27 -------- d-----w- C:\Users\Sean\AppData\Local\{B927DA2F-40E3-4ABB-B50D-57B69D8859D1}
2012-04-14 05:16:58 -------- d-----w- C:\Users\Sean\AppData\Local\{02620928-CEB6-4A74-B230-3CF3864A60B1}
2012-04-14 05:16:36 -------- d-----w- C:\Users\Sean\AppData\Local\{23EFBBF8-0EC2-4C70-A695-CCE8C631B2EE}
2012-04-13 17:09:21 -------- d-----w- C:\Users\Sean\AppData\Local\{F57F8546-7608-4CF6-A670-3C30DE0F16AC}
2012-04-13 17:08:58 -------- d-----w- C:\Users\Sean\AppData\Local\{258D23C7-3619-4661-A0CD-D76EC683F7F8}
2012-04-13 05:08:31 -------- d-----w- C:\Users\Sean\AppData\Local\{0F4C9F05-5E2A-4B34-8E40-3F4DA08DC82A}
2012-04-13 05:08:20 -------- d-----w- C:\Users\Sean\AppData\Local\{3C2A8AFE-CAF0-453B-9B5C-3D93B398671E}
2012-04-13 04:58:19 -------- d-----w- C:\Users\Sean\AppData\Local\{002BA69D-85A5-4B90-8431-AA80167940B1}
2012-04-13 04:58:07 -------- d-----w- C:\Users\Sean\AppData\Local\{C3A689E6-FA25-4CCB-8BB9-B7AA32F79616}
2012-04-13 04:56:23 -------- d-----w- C:\Windows\en
2012-04-13 04:52:58 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-04-13 04:49:53 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ddb4bba11cd193002\MeshBetaRemover.exe
2012-04-13 04:49:50 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dbbbf17d1cd193001\DSETUP.dll
2012-04-13 04:49:50 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dbbbf17d1cd193001\DXSETUP.exe
2012-04-13 04:49:50 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dbbbf17d1cd193001\dsetup32.dll
2012-04-13 04:20:19 -------- d-----w- C:\Users\Sean\AppData\Local\{E82C1CA1-6494-4C0E-A021-F5D1AC80F43A}
2012-04-13 04:14:16 -------- d-----w- C:\Users\Sean\AppData\Local\{F860E76F-5453-4D4B-ACFE-F3DA5BBA883F}
2012-04-13 02:45:02 -------- d-----w- C:\Users\Sean\AppData\Local\{1C727E1A-F2AE-48D8-9D0B-1B437981CAD4}
2012-04-12 19:17:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-12 14:26:36 -------- d-----w- C:\Users\Sean\AppData\Local\{D0B4CB5C-1FF1-4A0E-8513-1DE253331D4F}
2012-04-12 02:16:08 -------- d-----w- C:\Users\Sean\AppData\Local\{9C1EA8D9-D471-4EAE-84B2-79DAD0D4231C}
2012-04-12 00:34:19 -------- d-----w- C:\Users\Sean\AppData\Local\adaware
2012-04-12 00:34:14 45904 ----a-w- C:\Windows\System32\sbbd.exe
2012-04-12 00:34:12 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-04-12 00:34:12 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-04-12 00:34:05 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-04-12 00:34:04 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-04-12 00:34:04 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-12 00:33:36 -------- d-----w- C:\Users\Sean\AppData\Local\adawarebp
2012-04-12 00:33:29 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-04-12 00:32:13 -------- d-----w- C:\Users\Sean\AppData\Roaming\Ad-Aware Antivirus
2012-04-11 17:49:23 96 ---ha-w- C:\aaw7boot.cmd
2012-04-11 14:15:32 -------- d-----w- C:\Users\Sean\AppData\Local\{1BFEFA0B-1DD7-4A57-8828-830121AFB583}
2012-04-11 14:00:30 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 14:00:30 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 14:00:30 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 14:00:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 14:00:29 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 14:00:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 14:00:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 02:15:08 -------- d-----w- C:\Users\Sean\AppData\Local\{BE4C4F4F-2545-42FC-A519-A97EA3DCCED7}
2012-04-10 06:08:22 -------- d-----w- C:\Users\Sean\AppData\Local\{68724E76-9668-4D2F-BF05-45E44D06B5C9}
2012-04-10 03:20:19 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 02:54:54 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-09 18:07:47 -------- d-----w- C:\Users\Sean\AppData\Local\{D5A441EA-CBCC-4DC6-A040-0F5F20355193}
2012-04-09 06:07:23 -------- d-----w- C:\Users\Sean\AppData\Local\{6C8F2A17-DF38-43CE-97CC-F49BC8BC9A37}
2012-04-08 15:57:42 -------- d-----w- C:\Users\Sean\AppData\Local\{D1AAD679-8504-46F0-9BA9-DC58D5C7E471}
2012-04-07 14:57:30 -------- d-----w- C:\Users\Sean\AppData\Local\{BD2F786D-BA44-4AE5-86DB-70055763EC10}
2012-04-07 02:57:07 -------- d-----w- C:\Users\Sean\AppData\Local\{A2EA2B37-1FEB-49D1-87C5-E7737D909316}
2012-04-06 14:56:42 -------- d-----w- C:\Users\Sean\AppData\Local\{360077E3-952D-4E31-B96F-5D76E14CE848}
2012-04-06 01:38:15 -------- d-----w- C:\Users\Sean\AppData\Local\{B9B5CDAC-AA38-4C96-A7BD-F507174A23A9}
2012-04-05 04:46:16 -------- d-----w- C:\Users\Sean\AppData\Local\{3EC57D6B-D3CD-4A40-B535-75E4EF21751B}
2012-04-05 03:05:21 -------- d-----w- C:\Users\Sean\AppData\Local\{22BE12ED-0FA0-4FAA-80D7-84969F3B4AEB}
2012-04-04 15:04:57 -------- d-----w- C:\Users\Sean\AppData\Local\{5D760E20-619F-436E-8937-AA6906CCEDB1}
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 22:39:12 -------- d-----w- C:\Users\Sean\AppData\Local\{A1C3928A-64D5-4768-9C14-08F93C013ECD}
2012-04-03 10:38:37 -------- d-----w- C:\Users\Sean\AppData\Local\{D49A7D60-2F12-4486-9E87-CC7632B6CB53}
2012-04-02 22:38:24 -------- d-----w- C:\Users\Sean\AppData\Local\{FAC96F19-4B88-494A-B611-AA092F37F1E7}
2012-04-02 16:42:42 -------- d-----w- C:\Users\Sean\AppData\Local\{89282AB5-05D5-4F1A-B7CC-ED1917F4C755}
2012-04-02 04:42:06 -------- d-----w- C:\Users\Sean\AppData\Local\{07D73518-DB20-4356-9383-545BD19BD560}
2012-04-01 16:41:31 -------- d-----w- C:\Users\Sean\AppData\Local\{888C5E49-5413-4FFB-8BAB-4B084CFA760B}
2012-04-01 04:40:56 -------- d-----w- C:\Users\Sean\AppData\Local\{15825421-48CB-4B03-8D5F-B5A238CB3D3D}
2012-03-31 16:40:21 -------- d-----w- C:\Users\Sean\AppData\Local\{F8028A3A-9C36-476C-AFC6-3911E84B191B}
2012-03-31 04:40:04 -------- d-----w- C:\Users\Sean\AppData\Local\{A2522C46-1671-4DC2-A769-14569FDBF5DC}
2012-03-30 16:30:15 -------- d-----w- C:\Users\Sean\AppData\Local\{9488DDFD-C9CA-4F97-B1A7-F44EF812FB14}
2012-03-30 04:29:40 -------- d-----w- C:\Users\Sean\AppData\Local\{E8621D9D-8E99-4274-B451-D9CAEF26E95E}
2012-03-29 16:29:16 -------- d-----w- C:\Users\Sean\AppData\Local\{D1DDDF94-235D-4163-BB89-C65BE55ADA76}
2012-03-29 03:22:19 -------- d-----w- C:\Users\Sean\AppData\Local\{68AF246F-DA86-4FD9-9AF8-30CF1540A50A}
2012-03-28 05:39:27 -------- d-----w- C:\Users\Sean\AppData\Local\{649EF01E-365A-4326-9CC1-484FB94270B2}
2012-03-28 05:39:11 -------- d-----w- C:\Users\Sean\AppData\Local\{6E8715A0-D045-41E9-B91C-FF6BC30A70DF}
2012-03-28 05:37:28 -------- d-----w- C:\Users\Sean\AppData\Roaming\Ziokfy
2012-03-28 05:37:28 -------- d-----w- C:\Users\Sean\AppData\Roaming\Zayry
2012-03-28 05:37:28 -------- d-----w- C:\Users\Sean\AppData\Roaming\Xuroix
2012-03-27 15:34:52 -------- d-----w- C:\Users\Sean\AppData\Local\{223F83D6-C25E-4AC1-AC0C-1F8E4E766DB6}
2012-03-27 15:34:29 -------- d-----w- C:\Users\Sean\AppData\Local\{5E237BA5-449B-4A3A-A9C6-F3FC4ECC3256}
2012-03-27 03:34:02 -------- d-----w- C:\Users\Sean\AppData\Local\{BECBF6AC-3822-4308-96FA-14D141209D5E}
2012-03-27 03:33:51 -------- d-----w- C:\Users\Sean\AppData\Local\{5045E97A-8CB0-41BF-B40E-8AE7BB090B4F}
2012-03-26 08:05:18 -------- d-----w- C:\Users\Sean\AppData\Local\{B633EF36-F062-4C37-95DB-FEA7FB7A71A8}
2012-03-26 08:05:05 -------- d-----w- C:\Users\Sean\AppData\Local\{7BB5FDFB-8612-44EC-8087-38304FFAAA1B}
2012-03-25 18:23:27 -------- d-----w- C:\Users\Sean\AppData\Local\{5D4720EE-6B1C-47E3-82C5-52833A00EFBF}
2012-03-25 18:23:04 -------- d-----w- C:\Users\Sean\AppData\Local\{6979D8A0-484B-4A9C-9948-86B166AD15D9}
2012-03-25 06:22:37 -------- d-----w- C:\Users\Sean\AppData\Local\{32354EB3-505E-4D49-9361-5A2F14EEBFAB}
2012-03-25 06:22:13 -------- d-----w- C:\Users\Sean\AppData\Local\{740768AE-B0F8-4D7B-BCE7-EB08DE1F1537}
2012-03-24 18:21:47 -------- d-----w- C:\Users\Sean\AppData\Local\{66300171-2565-4E8A-B7F4-4D7162CB38F9}
2012-03-24 18:21:25 -------- d-----w- C:\Users\Sean\AppData\Local\{31F4E14D-96C1-4832-9A7A-14D31F117061}
2012-03-24 06:20:55 -------- d-----w- C:\Users\Sean\AppData\Local\{1087E9F1-716B-4B31-8020-E30F29C67EE3}
2012-03-24 06:20:31 -------- d-----w- C:\Users\Sean\AppData\Local\{0D70EA34-44A5-44C9-A680-E713E9D977F6}
2012-03-23 16:33:14 -------- d-----w- C:\Users\Sean\AppData\Local\{E2D1D8D2-16C5-4CBF-9888-DD6DE600EE89}
2012-03-23 16:32:51 -------- d-----w- C:\Users\Sean\AppData\Local\{F9CF61B3-4732-4A76-9A88-23EAF9BE72CA}
2012-03-23 04:32:25 -------- d-----w- C:\Users\Sean\AppData\Local\{85FD3E48-6E69-4FFA-ACD8-166E78D22BCF}
2012-03-23 04:32:02 -------- d-----w- C:\Users\Sean\AppData\Local\{02F842AC-4EBB-460E-BA6B-954045677908}
2012-03-22 21:39:46 -------- d-----w- C:\Users\Sean\AppData\Roaming\Uvaq
2012-03-22 21:39:46 -------- d-----w- C:\Users\Sean\AppData\Roaming\Naakdi
2012-03-22 21:39:46 -------- d-----w- C:\Users\Sean\AppData\Roaming\Esokqu
2012-03-22 16:31:37 -------- d-----w- C:\Users\Sean\AppData\Local\{2F4298A1-757C-4643-AFA1-58CF736A9475}
2012-03-22 16:31:15 -------- d-----w- C:\Users\Sean\AppData\Local\{E118A954-3491-41D5-8BD3-9A521A912C71}
2012-03-22 04:30:49 -------- d-----w- C:\Users\Sean\AppData\Local\{C3D3172E-23D6-43A4-AC33-4D282916FB76}
2012-03-22 04:30:27 -------- d-----w- C:\Users\Sean\AppData\Local\{CC52F006-1444-4CDD-AC64-8AD707BDFA67}
2012-03-21 16:30:01 -------- d-----w- C:\Users\Sean\AppData\Local\{0C626C66-C141-4906-B28B-A969571C554B}
2012-03-21 16:29:39 -------- d-----w- C:\Users\Sean\AppData\Local\{1A72EDDB-C50B-44E2-9CDE-8957D190BB60}
2012-03-21 04:29:13 -------- d-----w- C:\Users\Sean\AppData\Local\{5D0E2E4F-52D5-4FC2-8F9F-5EA138B5C9EC}
2012-03-21 04:28:51 -------- d-----w- C:\Users\Sean\AppData\Local\{9DD49944-9413-4710-AEA3-6434B915238F}
2012-03-20 16:28:25 -------- d-----w- C:\Users\Sean\AppData\Local\{82A2B886-24E0-4EC3-ABDD-930D45B52E91}
2012-03-20 16:27:59 -------- d-----w- C:\Users\Sean\AppData\Local\{6705F850-2E9E-42DE-9593-27C25239DAFC}
2012-03-20 04:27:32 -------- d-----w- C:\Users\Sean\AppData\Local\{F4F6B938-4140-4899-AB6F-907AE9121749}
2012-03-20 04:27:08 -------- d-----w- C:\Users\Sean\AppData\Local\{A276160A-04AD-4A97-AEB2-0576AD2B854A}
.
==================== Find3M ====================
.
2012-04-14 08:20:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-05 02:34:37 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe
2012-03-04 16:00:38 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 22:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 22:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-14 22:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-14 22:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-14 22:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-14 22:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-14 22:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-14 22:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-14 22:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 22:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-14 22:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-14 22:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-14 22:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-14 22:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-14 22:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-14 22:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-14 22:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-14 22:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-14 22:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-14 21:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 21:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-14 21:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 21:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-14 21:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-14 21:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-14 21:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-14 21:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-14 21:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 21:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 21:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-14 21:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 21:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 21:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-14 21:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-14 21:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-11 10:29:02 1095376 ----a-w- C:\Windows\PE_Rom.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-01 09:55:14 15664 ----a-w- C:\Windows\SysWow64\drivers\GEARAspiWDM.sys
2012-02-01 09:55:14 109360 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 23:09:08.68 ===============
sean1976
Active Member
 
Posts: 7
Joined: April 17th, 2012, 2:32 pm
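Two things a helper reads off a DDS log like the one above are batches of oddly named folders appearing under AppData\Roaming in the same second, and Firefox user.js preferences that switch off the browser's own security warnings. The following is an added example (not part of this thread, and not code from DDS or MalwareRemoval.com) that applies those two heuristics to constructed sample lines in the same format; the regexes, the `triage` function and the name-length heuristic are my own assumptions.

```python
"""Triage helper for DDS-style 'Created Last 30' and 'FF - user.js' lines.

Added example, not part of the original thread or of the DDS tool.
Heuristic 1: two or more directories created under AppData\\Roaming in the
same second whose names are short, purely alphabetic and look machine-made.
Heuristic 2: user.js preferences that silence Firefox security prompts.
"""
import re
from collections import defaultdict

# Constructed sample lines copied in the style of the DDS log in this thread.
SAMPLE_LOG = r"""
2012-03-28 05:39:27 -------- d-----w- C:\Users\Sean\AppData\Local\{649EF01E-365A-4326-9CC1-484FB94270B2}
2012-03-28 05:37:28 -------- d-----w- C:\Users\Sean\AppData\Roaming\Ziokfy
2012-03-28 05:37:28 -------- d-----w- C:\Users\Sean\AppData\Roaming\Zayry
2012-03-28 05:37:28 -------- d-----w- C:\Users\Sean\AppData\Roaming\Xuroix
2012-04-17 18:23:56 -------- d-----w- C:\Users\Sean\AppData\Roaming\eMail ID
2012-04-12 00:32:13 -------- d-----w- C:\Users\Sean\AppData\Roaming\Ad-Aware Antivirus
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: browser.startup.homepage - about:home
"""

# "date time size attrs path" as DDS prints it in the Created Last 30 section.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (?P<attrs>\S+) (?P<path>.+)$"
)
USERJS_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<value>\S+)$")
ROAMING_RE = re.compile(r"\\AppData\\Roaming\\(?P<name>[^\\]+)$", re.IGNORECASE)
# Assumed heuristic: 4-8 letters, no digits, spaces or vendor punctuation.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{4,8}$")

# Prefs whose listed value suppresses a Firefox security warning.
WEAKENING_PREFS = {
    "security.warn_viewing_mixed": "false",
    "security.warn_viewing_mixed.show_once": "false",
    "security.warn_submit_insecure": "false",
    "security.warn_submit_insecure.show_once": "false",
}


def parse_created(lines):
    """Yield (timestamp, attrs, path) for each Created Last 30 style line."""
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("attrs"), m.group("path")


def find_roaming_clusters(lines, min_cluster=2):
    """Group machine-looking Roaming directory names by creation second.

    Only groups with at least min_cluster members are returned, so a single
    legitimately short vendor name (e.g. 'Adobe') does not trigger on its own.
    """
    clusters = defaultdict(list)
    for ts, attrs, path in parse_created(lines):
        if not attrs.startswith("d"):
            continue  # directories only
        m = ROAMING_RE.search(path)
        if m and RANDOM_NAME_RE.match(m.group("name")):
            clusters[ts].append(m.group("name"))
    return {ts: names for ts, names in clusters.items() if len(names) >= min_cluster}


def find_weakened_prefs(lines):
    """Return (pref, value) pairs that disable a Firefox security warning."""
    hits = []
    for line in lines:
        m = USERJS_RE.match(line.strip())
        if m and WEAKENING_PREFS.get(m.group("pref")) == m.group("value").lower():
            hits.append((m.group("pref"), m.group("value")))
    return hits


def triage(text):
    """Run both heuristics over a log excerpt and return the findings."""
    lines = text.splitlines()
    return {
        "roaming_clusters": find_roaming_clusters(lines),
        "weakened_prefs": find_weakened_prefs(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Findings from either heuristic are a prompt to look closer at the folders and prefs in question, not a verdict on their own.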

Re: Email sending/receiving fake canada post messages

Unread postby maxi » April 18th, 2012, 1:58 pm

Hi sean1976,

Please don't attach any more files; please "Copy and Paste" all future replies.

Also please follow these steps in the order given :)
Step 1
Regbak
Backup Vista or Windows 7 registry.

Please download regbak.zip (Copyright © 2002 - 2012 Acelogix Software) and save it to your Desktop.
  1. Unzip or extract all files to your desktop or other convenient place.
  2. Right click regbak.exe or regbak64.exe (for 64bit systems only) ... choose "Run As Administrator".
  3. Allow the backup location to default to the shown folder.
  4. Make sure the following (default) hives are selected for backup:
    • System
    • Current User
    • Other available hives
  5. Press the "Advanced Options" link.
    In the "Default backup folder" box ...copy and paste the following to the END of the line (no spaces)
    <TIME>\
    It should look like: %SystemRoot%\RegBak\<DATE>\<TIME>\
    This adds the current time to the folder name, allowing multiple backups in one day, without removing previous backups.
    DO NOT change any other options.
  6. Press OK. Reply Yes to any folder creation prompts.
  7. Press Start at the confirmation screen.
  8. When the backup has successfully completed... press Cancel to end the program.

Step 2
Disable Spybot S&D - TeaTimer
The Resident TeaTimer tool of Spybot-S&D, may interfere with the fix, so we need to temporarily disable it.
TeaTimer can be re-enabled once the computer is clean.
  1. Open Spybot-S&D in Advanced Mode.
  2. If it is not already set to do this, go to the "Mode" menu and select "Advanced Mode".
  3. On the left hand side, click on "Tools".
  4. Click on the Resident Icon in the List.
  5. Uncheck "Resident TeaTimer" ... OK any prompts.
  6. Restart your computer... TeaTimer should no longer be running.

Step 3
Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    Vuze

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on Start > All programs > Accessories > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Step 4
Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

In your next reply please include:
Both logs produced by OTL.
Any problems you had with my instructions.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Email sending/receiving fake canada post messages

Unread postby sean1976 » April 18th, 2012, 2:57 pm

OTL logfile created on: 4/18/2012 2:32:00 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Sean\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 76.67% Memory free
15.82 Gb Paging File | 13.81 Gb Available in Paging File | 87.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 825.11 Gb Free Space | 88.59% Space Free | Partition Type: NTFS

Computer Name: SEAN-PC | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/18 14:30:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Downloads\OTL.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/03/29 12:43:58 | 020,670,304 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/03/19 18:55:54 | 000,284,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\eMail ID\IconixService.exe
PRC - [2012/03/13 00:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/14 21:51:42 | 000,310,920 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\Sean\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/11 17:21:14 | 001,214,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010/12/23 23:50:08 | 001,097,344 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/02 11:37:22 | 001,425,536 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2010/12/01 22:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
PRC - [2010/11/26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010/11/20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/03 05:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2010/10/21 05:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010/09/24 22:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2010/03/05 11:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010/03/05 11:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/12/15 14:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/11 10:26:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/11 10:25:56 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/03/29 12:44:18 | 002,180,968 | ---- | M] () -- C:\Program Files (x86)\Ad-Aware Antivirus\ThreatWork.dll
MOD - [2012/03/13 00:39:07 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/19 12:46:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/19 12:45:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/19 12:45:34 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/12/18 23:16:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/12/18 23:16:45 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/02/17 12:10:20 | 001,035,776 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2011/01/06 11:38:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2010/12/02 18:28:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2010/12/01 13:33:32 | 001,244,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2010/11/19 11:55:00 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2010/11/19 11:53:34 | 000,963,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2010/09/27 21:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2010/09/27 21:51:12 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2010/08/22 22:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
MOD - [2010/08/06 19:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010/08/06 19:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010/06/21 16:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010/06/21 16:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009/12/15 14:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 14:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009/07/31 22:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/05/21 11:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
MOD - [2009/05/20 22:14:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/14 04:20:46 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/03/22 00:06:18 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/19 18:55:54 | 000,284,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\eMail ID\IconixService.exe -- (IconixService)
SRV - [2012/02/14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/12/01 22:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/11/20 23:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/03 05:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010/10/21 05:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 11:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/06 04:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011/11/24 00:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/31 15:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/01/27 11:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/01/27 11:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsnmea.sys -- (zghsnmea)
DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsdiag.sys -- (zghsdiag)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/01/14 08:27:46 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 12:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV - [2012/02/01 05:55:14 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/?rlz=1V1IPYX
IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\SearchScopes\{0C34981D-E2F8-475d-9A25-2E226C592CF3}: "URL" = http://www.google.com/custom?client=pub ... 1&hl=en&q={searchTerms}
IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\SearchScopes\{2D7894DC-8920-4961-A12F-45EA13D86AD9}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&o ... 1V4IPYX&q={searchTerms}
IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\SearchScopes\{B094FD74-250D-46EB-90F9-8B81B62DF3B2}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 20:18:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 14:23:47 | 000,000,000 | ---D | M]

[2011/12/28 21:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions
[2011/12/28 21:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/03/22 20:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\h9dbjxiy.default\extensions
[2012/03/22 20:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\h9dbjxiy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/03/22 20:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\h9dbjxiy.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/04/16 04:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\vlfhhzau.default\extensions
[2012/04/11 20:33:33 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\vlfhhzau.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/04/17 14:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/17 14:23:47 | 000,000,000 | ---D | M] (Iconix) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{852B9B5F-E8A7-49b4-B7C3-79A3E8A829F6}
() (No name found) -- C:\USERS\SEAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VLFHHZAU.DEFAULT\EXTENSIONS\{1E9A63EF-84EC-49A4-8D6F-2DD9524E90D0}.XPI
() (No name found) -- C:\USERS\SEAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VLFHHZAU.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/04 12:00:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/19 18:56:12 | 000,196,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npIconixProxy110.dll
[2011/11/11 10:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/17 21:24:48 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sean\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sean\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sean\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sean\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/17 14:14:06 | 000,442,669 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15208 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (IconixBHOClass Class) - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000..\Run: [WeatherEye] C:\Users\Sean\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe (Pelmorex Media Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.db ()
F3:64bit: - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000 WinNT: Load - (C:\Users\Sean\LOCALS~1\Temp\msvaoe.exe) - File not found
F3 - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000 WinNT: Load - (C:\Users\Sean\LOCALS~1\Temp\msvaoe.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll ()
O9 - Extra 'Tools' menuitem : About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files (x86)\eMail ID\IEAddOn\IconixBHO_46.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F64F1C9-7DDB-4F95-92AC-48593C608B4E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 14:19:08 | 000,000,000 | ---D | C] -- C:\Windows\RegBak
[2012/04/18 11:00:40 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{F5091DC4-31BF-4F88-A0FD-52CFE2E6023D}
[2012/04/18 11:00:18 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{078E2572-E3B8-481F-93C0-BE8F2BF1D615}
[2012/04/17 22:59:49 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{1403CD56-067F-41B8-BA65-DDEE60928F9C}
[2012/04/17 22:59:26 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{56F0F5B5-5DB0-4EFB-9C10-57AA3EF3A793}
[2012/04/17 14:23:56 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\eMail ID
[2012/04/17 14:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\eMail ID
[2012/04/17 14:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eMail ID
[2012/04/17 14:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro
[2012/04/17 14:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMail ID
[2012/04/17 14:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/17 14:22:15 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/17 12:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/17 12:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/17 12:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/17 04:33:00 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{ECCDC2CE-D862-4824-9214-3710B408F3F0}
[2012/04/17 04:32:49 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{76082495-F882-46AF-B20A-B67BEC6CFA31}
[2012/04/16 23:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/04/16 14:58:19 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{75E527CF-F68F-4208-9AD6-34FFACAEF431}
[2012/04/16 14:57:57 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{E57FF5D3-6F00-48A4-AE09-D0666FB051A0}
[2012/04/16 02:57:29 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{CA5B23BC-F42D-4125-A766-BF13408B614D}
[2012/04/16 02:57:06 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{E8BE0F0B-684C-4447-9FFF-724E9846299F}
[2012/04/15 14:56:37 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{F2BAA73D-579F-4DF1-B26A-E3937574CFD6}
[2012/04/15 14:56:15 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{F52FB919-4C5F-4CBC-83DB-0F35751B970D}
[2012/04/15 02:55:45 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{DD059073-6487-42AF-A82F-A04370B8D283}
[2012/04/15 02:55:21 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{5056E0CD-A37E-4CB8-9B64-E2CB3C011606}
[2012/04/14 13:28:38 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{B89D655E-3EBA-490B-A1A9-E32A3F2A9AF4}
[2012/04/14 13:28:27 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{B927DA2F-40E3-4ABB-B50D-57B69D8859D1}
[2012/04/14 01:16:58 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{02620928-CEB6-4A74-B230-3CF3864A60B1}
[2012/04/14 01:16:36 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{23EFBBF8-0EC2-4C70-A695-CCE8C631B2EE}
[2012/04/13 13:09:21 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{F57F8546-7608-4CF6-A670-3C30DE0F16AC}
[2012/04/13 13:08:58 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{258D23C7-3619-4661-A0CD-D76EC683F7F8}
[2012/04/13 01:08:31 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{0F4C9F05-5E2A-4B34-8E40-3F4DA08DC82A}
[2012/04/13 01:08:20 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{3C2A8AFE-CAF0-453B-9B5C-3D93B398671E}
[2012/04/13 00:58:19 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{002BA69D-85A5-4B90-8431-AA80167940B1}
[2012/04/13 00:58:07 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{C3A689E6-FA25-4CCB-8BB9-B7AA32F79616}
[2012/04/13 00:56:23 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/13 00:52:58 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/04/13 00:20:19 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{E82C1CA1-6494-4C0E-A021-F5D1AC80F43A}
[2012/04/13 00:14:16 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{F860E76F-5453-4D4B-ACFE-F3DA5BBA883F}
[2012/04/12 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{1C727E1A-F2AE-48D8-9D0B-1B437981CAD4}
[2012/04/12 15:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/04/12 10:26:36 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{D0B4CB5C-1FF1-4A0E-8513-1DE253331D4F}
[2012/04/11 22:16:08 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{9C1EA8D9-D471-4EAE-84B2-79DAD0D4231C}
[2012/04/11 20:34:19 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\adaware
[2012/04/11 20:34:14 | 000,045,904 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\sbbd.exe
[2012/04/11 20:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/04/11 20:34:12 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012/04/11 20:34:12 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/04/11 20:34:05 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/04/11 20:34:04 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/04/11 20:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/04/11 20:33:36 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\adawarebp
[2012/04/11 20:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/04/11 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Ad-Aware Antivirus
[2012/04/11 10:15:32 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{1BFEFA0B-1DD7-4A57-8828-830121AFB583}
[2012/04/11 10:02:41 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 10:02:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 10:02:40 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 10:02:40 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 10:02:40 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 10:02:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 10:02:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 10:02:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 10:02:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 10:02:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 10:02:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 10:02:31 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/11 10:02:31 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 10:02:31 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 10:00:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 10:00:30 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/11 10:00:29 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/10 22:15:08 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{BE4C4F4F-2545-42FC-A519-A97EA3DCCED7}
[2012/04/10 02:08:22 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{68724E76-9668-4D2F-BF05-45E44D06B5C9}
[2012/04/09 23:20:19 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/09 22:54:54 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/09 14:07:47 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{D5A441EA-CBCC-4DC6-A040-0F5F20355193}
[2012/04/09 02:07:23 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{6C8F2A17-DF38-43CE-97CC-F49BC8BC9A37}
[2012/04/08 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{D1AAD679-8504-46F0-9BA9-DC58D5C7E471}
[2012/04/07 10:57:30 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{BD2F786D-BA44-4AE5-86DB-70055763EC10}
[2012/04/06 22:57:07 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{A2EA2B37-1FEB-49D1-87C5-E7737D909316}
[2012/04/06 10:56:42 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{360077E3-952D-4E31-B96F-5D76E14CE848}
[2012/04/05 21:38:15 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{B9B5CDAC-AA38-4C96-A7BD-F507174A23A9}
[2012/04/05 00:46:16 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{3EC57D6B-D3CD-4A40-B535-75E4EF21751B}
[2012/04/04 23:05:21 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{22BE12ED-0FA0-4FAA-80D7-84969F3B4AEB}
[2012/04/04 11:04:57 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{5D760E20-619F-436E-8937-AA6906CCEDB1}
[2012/04/03 18:39:12 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{A1C3928A-64D5-4768-9C14-08F93C013ECD}
[2012/04/03 06:38:37 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{D49A7D60-2F12-4486-9E87-CC7632B6CB53}
[2012/04/02 18:38:24 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{FAC96F19-4B88-494A-B611-AA092F37F1E7}
[2012/04/02 12:42:42 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{89282AB5-05D5-4F1A-B7CC-ED1917F4C755}
[2012/04/02 00:42:06 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{07D73518-DB20-4356-9383-545BD19BD560}
[2012/04/01 12:41:31 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{888C5E49-5413-4FFB-8BAB-4B084CFA760B}
[2012/04/01 00:40:56 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{15825421-48CB-4B03-8D5F-B5A238CB3D3D}
[2012/03/31 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{F8028A3A-9C36-476C-AFC6-3911E84B191B}
[2012/03/31 00:40:04 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{A2522C46-1671-4DC2-A769-14569FDBF5DC}
[2012/03/30 12:30:15 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{9488DDFD-C9CA-4F97-B1A7-F44EF812FB14}
[2012/03/30 00:29:40 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{E8621D9D-8E99-4274-B451-D9CAEF26E95E}
[2012/03/29 14:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2011
[2012/03/29 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{D1DDDF94-235D-4163-BB89-C65BE55ADA76}
[2012/03/28 23:22:19 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{68AF246F-DA86-4FD9-9AF8-30CF1540A50A}
[2012/03/28 01:39:27 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{649EF01E-365A-4326-9CC1-484FB94270B2}
[2012/03/28 01:39:11 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{6E8715A0-D045-41E9-B91C-FF6BC30A70DF}
[2012/03/28 01:37:28 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Ziokfy
[2012/03/28 01:37:28 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Zayry
[2012/03/28 01:37:28 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Xuroix
[2012/03/27 11:34:52 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{223F83D6-C25E-4AC1-AC0C-1F8E4E766DB6}
[2012/03/27 11:34:29 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{5E237BA5-449B-4A3A-A9C6-F3FC4ECC3256}
[2012/03/26 23:34:02 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{BECBF6AC-3822-4308-96FA-14D141209D5E}
[2012/03/26 23:33:51 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{5045E97A-8CB0-41BF-B40E-8AE7BB090B4F}
[2012/03/26 04:05:18 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{B633EF36-F062-4C37-95DB-FEA7FB7A71A8}
[2012/03/26 04:05:05 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{7BB5FDFB-8612-44EC-8087-38304FFAAA1B}
[2012/03/25 14:23:27 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{5D4720EE-6B1C-47E3-82C5-52833A00EFBF}
[2012/03/25 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{6979D8A0-484B-4A9C-9948-86B166AD15D9}
[2012/03/25 02:22:37 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{32354EB3-505E-4D49-9361-5A2F14EEBFAB}
[2012/03/25 02:22:13 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{740768AE-B0F8-4D7B-BCE7-EB08DE1F1537}
[2012/03/24 14:21:47 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{66300171-2565-4E8A-B7F4-4D7162CB38F9}
[2012/03/24 14:21:25 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{31F4E14D-96C1-4832-9A7A-14D31F117061}
[2012/03/24 02:20:55 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{1087E9F1-716B-4B31-8020-E30F29C67EE3}
[2012/03/24 02:20:31 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{0D70EA34-44A5-44C9-A680-E713E9D977F6}
[2012/03/23 12:33:14 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{E2D1D8D2-16C5-4CBF-9888-DD6DE600EE89}
[2012/03/23 12:32:51 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{F9CF61B3-4732-4A76-9A88-23EAF9BE72CA}
[2012/03/23 00:32:25 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{85FD3E48-6E69-4FFA-ACD8-166E78D22BCF}
[2012/03/23 00:32:02 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{02F842AC-4EBB-460E-BA6B-954045677908}
[2012/03/22 17:39:46 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Uvaq
[2012/03/22 17:39:46 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Naakdi
[2012/03/22 17:39:46 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Esokqu
[2012/03/22 12:31:37 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{2F4298A1-757C-4643-AFA1-58CF736A9475}
[2012/03/22 12:31:15 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{E118A954-3491-41D5-8BD3-9A521A912C71}
[2012/03/22 00:30:49 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{C3D3172E-23D6-43A4-AC33-4D282916FB76}
[2012/03/22 00:30:27 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{CC52F006-1444-4CDD-AC64-8AD707BDFA67}
[2012/03/21 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{0C626C66-C141-4906-B28B-A969571C554B}
[2012/03/21 12:29:39 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{1A72EDDB-C50B-44E2-9CDE-8957D190BB60}
[2012/03/21 00:29:13 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{5D0E2E4F-52D5-4FC2-8F9F-5EA138B5C9EC}
[2012/03/21 00:28:51 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{9DD49944-9413-4710-AEA3-6434B915238F}
[2012/03/20 12:28:25 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{82A2B886-24E0-4EC3-ABDD-930D45B52E91}
[2012/03/20 12:27:59 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{6705F850-2E9E-42DE-9593-27C25239DAFC}
[2012/03/20 00:27:32 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{F4F6B938-4140-4899-AB6F-907AE9121749}
[2012/03/20 00:27:08 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\{A276160A-04AD-4A97-AEB2-0576AD2B854A}

========== Files - Modified Within 30 Days ==========

[2012/04/18 14:31:43 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 14:31:43 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 14:28:44 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/18 14:28:44 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/18 14:28:44 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/18 14:24:28 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/18 14:24:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/18 14:24:12 | 2077,683,711 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 14:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/18 14:10:17 | 000,022,891 | ---- | M] () -- C:\Users\Sean\Documents\resume.odt
[2012/04/18 14:04:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090704887-2312999395-3904236272-1000UA.job
[2012/04/18 08:00:01 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/18 02:51:37 | 000,000,850 | ---- | M] () -- C:\Users\Sean\Documents\cc_20120418_025127.reg
[2012/04/18 01:04:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2090704887-2312999395-3904236272-1000Core.job
[2012/04/17 23:12:51 | 000,002,801 | ---- | M] () -- C:\Users\Sean\Documents\Attach.zip
[2012/04/17 14:14:06 | 000,442,669 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/17 12:42:47 | 000,001,286 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/17 12:42:47 | 000,001,262 | ---- | M] () -- C:\Users\Sean\Desktop\Spybot - Search & Destroy.lnk
[2012/04/16 23:54:47 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/04/16 04:05:47 | 000,002,395 | ---- | M] () -- C:\Users\Sean\Desktop\Google Chrome.lnk
[2012/04/14 04:20:46 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 04:20:46 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 04:20:41 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 04:32:04 | 000,009,168 | ---- | M] () -- C:\Users\Sean\Documents\cc_20120412_043149.reg
[2012/04/11 14:19:38 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/04/11 14:19:38 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/04/11 13:49:23 | 000,000,096 | -H-- | M] () -- C:\aaw7boot.cmd
[2012/04/11 10:02:25 | 000,000,127 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/05 13:23:13 | 000,001,869 | ---- | M] () -- C:\Users\Sean\Desktop\IMVU.lnk
[2012/03/30 13:52:23 | 000,000,952 | ---- | M] () -- C:\Users\Sean\Documents\SEANHAMILTON_2011.TAX
[2012/03/30 13:51:53 | 000,053,248 | ---- | M] () -- C:\Users\Sean\Documents\seanhamilton.11t
[2012/03/25 05:26:28 | 002,903,486 | ---- | M] () -- C:\Users\Sean\Documents\AutoRuns.arn
[2012/03/25 05:22:10 | 000,036,550 | ---- | M] () -- C:\Users\Sean\Documents\backup registry 2.reg
[2012/03/22 20:18:09 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/04/18 14:10:15 | 000,022,891 | ---- | C] () -- C:\Users\Sean\Documents\resume.odt
[2012/04/18 02:51:30 | 000,000,850 | ---- | C] () -- C:\Users\Sean\Documents\cc_20120418_025127.reg
[2012/04/17 23:12:51 | 000,002,801 | ---- | C] () -- C:\Users\Sean\Documents\Attach.zip
[2012/04/17 12:42:47 | 000,001,286 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/17 12:42:47 | 000,001,262 | ---- | C] () -- C:\Users\Sean\Desktop\Spybot - Search & Destroy.lnk
[2012/04/16 23:54:47 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/04/12 04:31:56 | 000,009,168 | ---- | C] () -- C:\Users\Sean\Documents\cc_20120412_043149.reg
[2012/04/11 20:40:26 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/11 20:34:13 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/11 13:49:23 | 000,000,096 | -H-- | C] () -- C:\aaw7boot.cmd
[2012/04/11 10:02:25 | 000,000,127 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/09 22:55:01 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 14:53:33 | 000,000,952 | ---- | C] () -- C:\Users\Sean\Documents\SEANHAMILTON_2011.TAX
[2012/03/25 05:22:02 | 000,036,550 | ---- | C] () -- C:\Users\Sean\Documents\backup registry 2.reg
[2012/03/22 20:18:09 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/22 20:18:09 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/05 06:28:08 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/04 22:33:12 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/03/04 06:20:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 18:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 17:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/01/30 03:46:04 | 000,028,931 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/01/30 02:39:19 | 001,095,376 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012/01/30 02:24:13 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/01/30 02:24:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/12/30 18:23:54 | 000,000,376 | ---- | C] () -- C:\Windows\hpwmdl37.dat.temp
[2011/12/28 19:26:55 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/12/18 07:35:54 | 000,000,017 | ---- | C] () -- C:\Users\Sean\AppData\Local\resmon.resmoncfg
[2011/12/18 04:30:20 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/18 04:11:16 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/18 04:11:16 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/18 02:47:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/12/18 02:34:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/18 02:34:39 | 000,025,123 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/08/03 01:21:24 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

< End of report >

OTL Extras logfile created on: 4/18/2012 2:32:00 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Sean\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 76.67% Memory free
15.82 Gb Paging File | 13.81 Gb Available in Paging File | 87.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 825.11 Gb Free Space | 88.59% Space Free | Partition Type: NTFS

Computer Name: SEAN-PC | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2090704887-2312999395-3904236272-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{D384957A-8005-4E22-888A-8E849181C9E5}" = StudioTax 2011
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BEEB434F-CAFE-4708-BE3A-7C61587FA8C8}" = Music AlarmClock v2.1.0
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ffdshow_is1" = ffdshow v1.1.3966 [2011-08-09]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Free Audio Converter_is1" = Free Audio Converter version 5.0.3.1206
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"LAV Filters" = LAV Filters (remove only)
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"RealMedia" = RealMedia (remove only)
"Songbird-release-2160" = Songbird 1.10.1 (Build 2160)
"Steam App 17460" = Mass Effect
"Trend Micro eMail ID" = Trend Micro™ eMail ID
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2090704887-2312999395-3904236272-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"WeatherEye" = WeatherEye

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
sean1976
Active Member
 
Posts: 7
Joined: April 17th, 2012, 2:32 pm

Re: Email sending/receiving fake canada post messages

Unread postby maxi » April 19th, 2012, 1:12 pm

Hi sean1976,

Please backup your registry like you did in the last post before you begin with the fix :)

Step 1
Run OTL Script

We need to run an OTL Fix

  • Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    
    :otl
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    IE - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    [2012/03/22 20:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\h9dbjxiy.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O4 - Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.db ()
    F3:64bit: - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000 WinNT: Load - (C:\Users\Sean\LOCALS~1\Temp\msvaoe.exe) - File not found
    F3 - HKU\S-1-5-21-2090704887-2312999395-3904236272-1000 WinNT: Load - (C:\Users\Sean\LOCALS~1\Temp\msvaoe.exe) - File not found
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
    
    :commands
    
    [emptytemp]
    [createrestorepoint]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Step 2
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Step 3
SystemLook
Please download SystemLook_x64.exe... by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook_x64.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?"... press the Run button.
  2. Highlight and copy the following entries: ... into SystemLook's main text entry window.
    :dir
    C:\Users\Sean\AppData\Roaming\Uvaq
    C:\Users\Sean\AppData\Roaming\Naakdi
    C:\Users\Sean\AppData\Roaming\Esokqu
    C:\Users\Sean\AppData\Roaming\Ziokfy
    C:\Users\Sean\AppData\Roaming\Zayry
    C:\Users\Sean\AppData\Roaming\Xuroix
    C:\Users\Sean\AppData\Local\{6705F850-2E9E-42DE-9593-27C25239DAFC}
    
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named "SystemLook.txt"
  4. Please post the contents of the SystemLook.txt file in your next reply.

In your next reply please include:
The otl logfile.
The aswmbr logfile.
The systemlook logfile.
How your computer is behaving now.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Email sending/receiving fake canada post messages

Unread postby sean1976 » April 19th, 2012, 2:33 pm

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_USERS\S-1-5-21-2090704887-2312999395-3904236272-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2090704887-2312999395-3904236272-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search the Web" removed from browser.search.selectedEngine
C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\h9dbjxiy.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2090704887-2312999395-3904236272-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.db moved successfully.
64bit-Registry delete failed. HKEY_USERS\S-1-5-21-2090704887-2312999395-3904236272-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Sean\LOCALS~1\Temp\msvaoe.exe scheduled to be deleted on reboot.
Registry value HKEY_USERS\S-1-5-21-2090704887-2312999395-3904236272-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Sean\LOCALS~1\Temp\msvaoe.exe deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sean
->Temp folder emptied: 4916560 bytes
->Temporary Internet Files folder emptied: 5013223 bytes
->Java cache emptied: 364327 bytes
->FireFox cache emptied: 353262448 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1023 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-19 13:58:14
-----------------------------
13:58:14.871 OS Version: Windows x64 6.1.7601 Service Pack 1
13:58:14.871 Number of processors: 2 586 0x2A07
13:58:14.874 ComputerName: SEAN-PC UserName: Sean
13:58:17.256 Initialize success
14:00:20.552 AVAST engine defs: 12041900
14:01:20.074 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:01:20.077 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
14:01:20.089 Disk 0 MBR read successfully
14:01:20.091 Disk 0 MBR scan
14:01:20.094 Disk 0 Windows 7 default MBR code
14:01:20.104 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:01:20.114 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:01:20.126 Disk 0 scanning C:\Windows\system32\drivers
14:01:36.488 Service scanning
14:02:05.810 Modules scanning
14:02:05.817 Disk 0 trace - called modules:
14:02:05.833 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
14:02:05.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c66380]
14:02:05.844 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8006c8ce40]
14:02:05.849 5 ACPI.sys[fffff88000f1c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007763060]
14:02:07.640 AVAST engine scan C:\Windows
14:02:12.384 AVAST engine scan C:\Windows\system32
14:06:02.511 AVAST engine scan C:\Windows\system32\drivers
14:06:18.453 AVAST engine scan C:\Users\Sean
14:22:59.915 AVAST engine scan C:\ProgramData
14:24:10.655 Scan finished successfully
14:25:42.684 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Desktop\MBR.dat"
14:25:42.688 The log file has been saved successfully to "C:\Users\Sean\Desktop\aswMBR.txt"


SystemLook 30.07.11 by jpshortstuff
Log created at 14:29 on 19/04/2012 by Sean
Administrator - Elevation successful

========== dir ==========

C:\Users\Sean\AppData\Roaming\Uvaq - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\Users\Sean\AppData\Roaming\Naakdi - Parameters: "(none)"

---Files---
inted.uda --a---- 0 bytes [08:12 24/01/2012] [08:12 24/01/2012]

---Folders---
None found.

C:\Users\Sean\AppData\Roaming\Esokqu - Parameters: "(none)"

---Files---
hoywo.orh --a---- 13819117 bytes [17:55 27/03/2012] [08:45 01/04/2012]
hoywo.tmp --a---- 1402083 bytes [17:55 27/03/2012] [03:25 29/03/2012]

---Folders---
None found.

C:\Users\Sean\AppData\Roaming\Ziokfy - Parameters: "(none)"

---Files---
bizo.tmp --a---- 7072619 bytes [08:58 30/03/2012] [02:55 10/04/2012]
bizo.ulo --a---- 342783 bytes [03:02 10/04/2012] [14:13 11/04/2012]

---Folders---
None found.

C:\Users\Sean\AppData\Roaming\Zayry - Parameters: "(none)"

---Files---
bupi.toe --a---- 0 bytes [06:44 14/01/2012] [06:44 14/01/2012]

---Folders---
None found.

C:\Users\Sean\AppData\Roaming\Xuroix - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\Users\Sean\AppData\Local\{6705F850-2E9E-42DE-9593-27C25239DAFC} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-


Hi maxi, well as of right now it hasn't sent out any b.s. messages under the guise of Canada Post, and I haven't gotten any, though I did get 67 news feeds from MSNBC last night ( lol )... don't know if that's related... besides that, it seems to be running fine.. got Songbird playing no problem, and no apparent software issues.
sean1976
Active Member
 
Posts: 7
Joined: April 17th, 2012, 2:32 pm

Re: Email sending/receiving fake canada post messages

Unread postby maxi » April 20th, 2012, 5:49 am

Hi sean1976, you're doing well :)

Step 1
Set Your Computer to Show All Files/Folders.

  • Click Start.
  • Open Computer.
  • Press the ALT key.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.


Step 2
Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste these files paths into the white box at the top one at a time:
C:\Users\Sean\AppData\Roaming\Esokqu\hoywo.orh
C:\Users\Sean\AppData\Roaming\Esokqu\hoywo.tmp
C:\Users\Sean\AppData\Roaming\Ziokfy\bizo.tmp
C:\Users\Sean\AppData\Roaming\Ziokfy\bizo.ulo
C:\Users\Sean\AppData\Roaming\Zayry\bupi.toe
C:\Users\Sean\AppData\Roaming\Naakdi\inted.uda (this one might not send but try anyway)


Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalinks (web addresses) in your next response.
Example of web address :

In your next reply please include:
The permalinks for the six files you submitted.


Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
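The two spots maxi inspected above (the `Load` value under `Windows NT\CurrentVersion\Windows` that OTL's F3 line flagged, and the random-named folders under `AppData\Roaming` that SystemLook listed), together with the file-submission step in the last post, can be reproduced on a suspect machine with the read-only PowerShell triage script below. This is an added example, not code from the thread or from OTL, SystemLook or any other tool named here. It changes nothing on disk or in the registry; it only reports what it finds and computes SHA-256 hashes so the files can be looked up on VirusTotal by hash before deciding whether to upload them. The list of "common" extensions is an assumed heuristic, not a published allow-list.

```powershell
# Added example (not from the MalwareRemoval.com thread or its tools): read-only
# triage of two persistence/staging spots. Nothing is deleted or modified.

$report = New-Object System.Collections.Generic.List[object]

# 1. Legacy win.ini autostart values ("Load" and "Run") in the per-user Windows NT key.
#    OTL's F3 line showed "Load" pointing at ...\LOCALS~1\Temp\msvaoe.exe on the
#    infected machine; on a clean system these values are normally empty or absent.
$winNtKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
if (Test-Path $winNtKey) {
    $props = Get-ItemProperty -Path $winNtKey
    foreach ($name in 'Load', 'Run') {
        $value = $props.$name
        if ([string]::IsNullOrWhiteSpace($value)) { continue }
        # Expand %TEMP%-style variables and strip quotes so Test-Path sees the real target.
        $target = [Environment]::ExpandEnvironmentVariables($value).Trim('"')
        $report.Add([pscustomobject]@{
            Check  = "Registry value '$name'"
            Path   = "$winNtKey\$name"
            Detail = $value
            Exists = (Test-Path -LiteralPath $target)
        })
    }
}

# 2. Files with unusual extensions in folders directly under %APPDATA%.
#    SystemLook found Esokqu\hoywo.orh (13 MB), Ziokfy\bizo.ulo, Zayry\bupi.toe and
#    similar: random folder names holding multi-megabyte files with made-up extensions.
#    The extension list is an assumption (heuristic); files with no extension are also reported.
$commonExt = @('.dat', '.ini', '.xml', '.json', '.txt', '.log', '.db', '.sqlite',
               '.cfg', '.lnk', '.dll', '.exe', '.js', '.bak', '.old')
Get-ChildItem -LiteralPath $env:APPDATA -Directory -Force | ForEach-Object {
    Get-ChildItem -LiteralPath $_.FullName -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $commonExt -notcontains $_.Extension.ToLower() } |
        ForEach-Object {
            # Get-FileHash needs Windows PowerShell 4 or later.
            $sha256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            $report.Add([pscustomobject]@{
                Check  = 'Unusual file under %APPDATA%'
                Path   = $_.FullName
                Detail = '{0} bytes, created {1:u}, modified {2:u}, SHA256 {3}' -f `
                         $_.Length, $_.CreationTimeUtc, $_.LastWriteTimeUtc, $sha256
                Exists = $true
            })
        }
}

if ($report.Count -eq 0) { 'Nothing unusual found in the checked locations.' }
else { $report | Format-Table -AutoSize -Wrap }
```

Run it from an elevated PowerShell prompt on the machine being triaged; because it only reads, it is safe to run before any fix, and the SHA-256 column gives you something to search for on VirusTotal without first uploading a file that may contain personal data. A `Load` or `Run` value that points into a Temp folder, or an `Exists = False` entry left behind after the target was removed, is exactly the kind of finding that justified the OTL fix above.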

Re: Email sending/receiving fake canada post messages

Unread postby sean1976 » April 21st, 2012, 12:57 am

sean1976
Active Member
 
Posts: 7
Joined: April 17th, 2012, 2:32 pm

Re: Email sending/receiving fake canada post messages

Unread postby maxi » April 21st, 2012, 4:06 pm

Hi sean1976,

There are real indications in your logs that you may be infected with a backdoor Trojan. The only responsible action I can recommend to you is to reformat and reinstall your operating system. Below is my general post that I give in these situations.

BACKDOOR TROJAN

I'm afraid I have some bad news for you; unfortunately, one or more of the identified infections is a BACKDOOR TROJAN. Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims' machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans; it will give you an idea of the severity of the type of infection you have.

What are Remote Access Trojans and why are they dangerous


You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.


How do I respond to a possible identity theft and how do I prevent it


Because of the severity and the capabilities of this type of virus (it cannot be known what changes to your system it has made or if it opened up other ways into your system), the only responsible course of action I can advise is to reformat your computer and reinstall Windows.

Further reading:

When should I do a reformat and reinstallation of my OS
How to backup your files in Windows XP
How to backup your files in Windows Vista/Windows 7

Should you have any questions please feel free to ask.

Regards maxi
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Email sending/receiving fake canada post messages

Unread postby sean1976 » April 22nd, 2012, 3:19 am

That SUCKS! I guess I will do that tonight then... oh, the hours it's going to take!!!!!!!!!!! For what it's worth, I just installed Ad-Aware Plus... (the paid version, the new Ad-Aware 10 Pro)... any feedback on that? I suppose I might very well have gotten it before I installed it, as my free trial of McAfee was over... shoooooooooooooooot.
sean1976
Active Member
 
Posts: 7
Joined: April 17th, 2012, 2:32 pm

Re: Email sending/receiving fake canada post messages

Unread postby maxi » April 22nd, 2012, 2:18 pm

Hi sean1976,

Yes, I know it sucks, but it is definitely the safest option. You really don't want someone having remote access to your computer. You can reset your Ad-Aware serial number by following the link below once you have reinstalled your operating system.

http://www.lavasoft.com/mylavasoft/supp ... t-computer

If you have any other questions please feel free to ask.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Email sending/receiving fake canada post messages

Unread postby sean1976 » April 23rd, 2012, 12:42 pm

Well, I've reformatted and reinstalled everything... so far so good. Just wanted to say thanks for your time, Maxi; I appreciate the help, even though it didn't turn out super, haha... Thanks, man.
sean1976
Active Member
 
Posts: 7
Joined: April 17th, 2012, 2:32 pm

Re: Email sending/receiving fake canada post messages

Unread postby maxi » April 23rd, 2012, 1:56 pm

No hassle, sorry it didn't work out better for you :(

Here is some advice and some programs that may be of interest to you :)

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. A tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide

Malwarebytes' Anti-Malware Scanning Guide


Here are some additional utilities that will enhance your safety


Also, please read this great article by Gary R and Wingman a short guide to staying safer online


Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Email sending/receiving fake canada post messages

Unread postby Elrond » May 1st, 2012, 2:00 pm

Sorry we could not help you any more than we did.

This topic is now closed
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem