Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help with trojan


Re: Need help with trojan

Post by iowabucks » November 23rd, 2011, 6:49 pm

Thank you very much askey. As I said before, much appreciated.

When I set this computer up a few years ago I used a tuning guide to get the most speed out of my computer that I could. Probably not the best for security. It has run well so far, but I wonder if a couple of settings got changed when this hit me? Might be why a few strange things still exist. Do you have a certain forum just for questions like that? Say, trying to figure out the audio part, or other little quirks?

Another thing I wanted to ask: I love Malwarebytes. It seems to be the only effective program I have for picking up trojans or viruses. Everything else just seems to find the cookies and that's it. Is the paid version really worth it? I did try and look at the difference between the free and paid version but didn't notice much. What's your opinion there?
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Post by iowabucks » November 23rd, 2011, 7:31 pm

My redirect issue likes to send me to a Yellowise search website. After doing a search I see all kinds of threads out there for a Yellowise.com hijacker. If this really is a hijacker, how come it wouldn't show on any scans or logfiles?

What would be the best way to get rid of this? I'm not too keen on trying some of the methods in my search, as they may want me to buy their product or may do more harm than good.

Re: Need help with trojan

Post by askey127 » November 23rd, 2011, 8:51 pm

iowabucks,
We can do a specific search for that text on your machine.
Most scanners won't pick up that kind of redirect item if it's specific.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *yellow*
    
    :folderfind
    *yellowise*
    
    :Regfind
    yellowise
    
    
  • Click the Look button to start the scan.
    Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
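The same three-part search (file names, folder names, registry) redone in PowerShell, as an added example for readers without SystemLook; this is not SystemLook's code or the thread's. It assumes PowerShell 4 or later run as administrator, and the pattern, folder roots and hives are placeholders to adjust.

```powershell
# Added example, not SystemLook's code: approximates the :filefind, :folderfind
# and :Regfind sections of the search above so the same check can be done
# without the tool. Assumes PowerShell 4+ (Get-FileHash) run as administrator.
function Find-NamedArtifacts {
    [CmdletBinding()]
    param(
        # Substring to look for in names; SystemLook's "*yellowise*" becomes -Pattern 'yellowise'
        [Parameter(Mandatory)][string]$Pattern,
        # Folders to walk; the whole system drive by default (placeholder, adjust as needed)
        [string[]]$Roots = @("$env:SystemDrive\"),
        # Registry hives to walk for key names, value names and string data
        [string[]]$Hives = @('HKLM:\SOFTWARE', 'HKCU:\Software')
    )
    $wild = "*$Pattern*"

    # :filefind and :folderfind - one record per matching file or folder, with the
    # size, timestamps and MD5 that SystemLook prints on each of its lines.
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -Force -Filter $wild -ErrorAction SilentlyContinue |
            ForEach-Object {
                $isDir = $_.PSIsContainer
                $md5 = $null
                if (-not $isDir) {
                    $md5 = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
                }
                $kind  = 'file'
                $bytes = $_.Length
                if ($isDir) { $kind = 'folder'; $bytes = $null }
                [pscustomobject]@{
                    Kind     = $kind
                    Path     = $_.FullName
                    Bytes    = $bytes
                    Modified = $_.LastWriteTime
                    Created  = $_.CreationTime
                    MD5      = $md5
                }
            }
    }

    # :Regfind - walk each hive and report keys, value names or value data that
    # contain the pattern, which is where a search hijacker usually leaves its name.
    foreach ($hive in $Hives) {
        Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.PSChildName -like $wild) {
                [pscustomobject]@{ Kind = 'regkey'; Path = $key.Name; Bytes = $null; Modified = $null; Created = $null; MD5 = $null }
            }
            foreach ($name in $key.GetValueNames()) {
                $data = $key.GetValue($name)
                if ($name -like $wild -or ("$data" -like $wild)) {
                    [pscustomobject]@{ Kind = 'regvalue'; Path = "$($key.Name)\$name = $data"; Bytes = $null; Modified = $null; Created = $null; MD5 = $null }
                }
            }
        }
    }
}

# Usage: a specific name keeps the noise down. A broad pattern such as 'yellow'
# matches benign icons, gradients and cookies, as the SystemLook log below shows.
Find-NamedArtifacts -Pattern 'yellowise' | Format-Table -AutoSize
```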

Re: Need help with trojan

Post by iowabucks » November 23rd, 2011, 9:36 pm

I take it this scan didn't find anything. I see a couple of websites showing how to manually get rid of it, but I really don't know enough about messing with my registry to feel comfortable doing it.


SystemLook 30.07.11 by jpshortstuff
Log created at 19:32 on 23/11/2011 by Jerry
Administrator - Elevation successful

========== filefind ==========

Searching for "*yellow*"
C:\Program Files\TeamSpeak 3 Client\gfx\default\16x16_channel_yellow.png --a---- 827 bytes [11:33 18/08/2009] [11:33 18/08/2009] 49EBA4F28B1A7EF4BE2645D461E9ABE8
C:\Program Files\TeamSpeak 3 Client\gfx\default\16x16_channel_yellow_subscribed.png --a---- 882 bytes [15:38 21/10/2009] [15:38 21/10/2009] 0B34784D40A1B8E5D018D63DED5FDE27
C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_yellow.png --a---- 12646 bytes [15:01 02/11/2006] [15:01 02/11/2006] C423E67FA3D628F482A3EF88E33A8FCB
C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_yellow_docked.png --a---- 7258 bytes [15:01 02/11/2006] [15:01 02/11/2006] 6F19456A1EC4EED8D8C0659B31E85F93
C:\Program Files (x86)\GIMP-2.0\share\gimp\2.0\gradients\Neon_Yellow.ggr --a---- 446 bytes [05:27 31/12/2009] [04:22 16/12/2009] 70B98D97FEB654B4629D23C6ACAE6911
C:\Program Files (x86)\GIMP-2.0\share\gimp\2.0\gradients\Yellow_Contrast.ggr --a---- 759 bytes [05:27 31/12/2009] [04:22 16/12/2009] 9ED9544F7D010A6250D0609576387225
C:\Program Files (x86)\GIMP-2.0\share\gimp\2.0\gradients\Yellow_Orange.ggr --a---- 242 bytes [05:27 31/12/2009] [04:22 16/12/2009] 70C73D345507D97C928484F3EA9E7A58
C:\Program Files (x86)\GIMP-2.0\share\gimp\2.0\palettes\Browns_And_Yellows.gpl --a---- 528 bytes [05:27 31/12/2009] [04:22 16/12/2009] AF39BD4621F1C7172933CF81C919AB22
C:\Program Files (x86)\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_yellow.png --a---- 12646 bytes [15:02 02/11/2006] [15:02 02/11/2006] C423E67FA3D628F482A3EF88E33A8FCB
C:\Program Files (x86)\Windows Sidebar\Gadgets\Notes.Gadget\images\sticky_yellow_docked.png --a---- 7258 bytes [15:02 02/11/2006] [15:02 02/11/2006] 6F19456A1EC4EED8D8C0659B31E85F93
C:\Users\Jerry\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Network_Meter_V6.3[1].gadget\arrow_down_yellow.png --a---- 267 bytes [01:18 18/09/2010] [01:18 18/09/2010] B34C9615EAE220D28A9F5A7578AB6134
C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Cookies\jerry@b2byellowpages[1].txt --ah--- 100 bytes [13:25 05/07/2011] [13:25 05/07/2011] 3447F8E81D8B29670E2030B2168E8BB0
C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Cookies\jerry@www.b2byellowpages[1].txt --a---- 309 bytes [13:25 05/07/2011] [13:25 05/07/2011] 51132A60C7334550D5CC7EED6503E357
C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Cookies\jerry@yellowbullet[1].txt --a---- 579 bytes [05:15 24/04/2011] [05:15 24/04/2011] 9D33799FB9DD6EAD73DD94B9E4FA0031
C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Cookies\jerry@yellowpages.aol[1].txt --a---- 289 bytes [01:34 02/08/2010] [01:34 02/08/2010] 5DA8C5B8FA38E7282010D85E7EAF179A
C:\Users\Jerry\Favorites\yellowise hijacker - Google Search.url --a---- 377 bytes [23:31 23/11/2011] [23:31 23/11/2011] 904E63EF919A176BB6765FAD86FF5333
C:\Users\Jerry\Favorites\things i need to get but probably never will\Morrell Yellow Jacket Broadhead Target.url --a---- 398 bytes [16:40 19/09/2010] [04:21 31/05/2011] F3FB3FE75D1C9268C2ADA6663B61F289
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif --a---- 880 bytes [12:38 02/11/2006] [21:31 18/09/2006] 63C1F4A02E3BBB0B6A91C51C8FE16324
C:\Windows\winsxs\amd64_microsoft-windows-gadgets-stickynotes_31bf3856ad364e35_6.0.6000.16386_none_41edbd18496c4bf4\sticky_yellow.png --a---- 12646 bytes [15:01 02/11/2006] [15:01 02/11/2006] C423E67FA3D628F482A3EF88E33A8FCB
C:\Windows\winsxs\amd64_microsoft-windows-gadgets-stickynotes_31bf3856ad364e35_6.0.6000.16386_none_41edbd18496c4bf4\sticky_yellow_docked.png --a---- 7258 bytes [15:01 02/11/2006] [15:01 02/11/2006] 6F19456A1EC4EED8D8C0659B31E85F93
C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16386_none_673d8faf0441d208\yellowCORNER.gif --a---- 880 bytes [06:37 02/11/2006] [21:31 18/09/2006] 63C1F4A02E3BBB0B6A91C51C8FE16324
C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_673816130446a17c\yellowCORNER.gif --a---- 880 bytes [06:37 02/11/2006] [21:31 18/09/2006] 63C1F4A02E3BBB0B6A91C51C8FE16324
C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_50702cb71de8e66f\yellowCORNER.gif --a---- 880 bytes [06:37 02/11/2006] [21:31 18/09/2006] 63C1F4A02E3BBB0B6A91C51C8FE16324
C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_6712fac90498ae1d\yellowCORNER.gif --a---- 880 bytes [06:37 02/11/2006] [21:31 18/09/2006] 63C1F4A02E3BBB0B6A91C51C8FE16324
C:\Windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_50476b651e3e2730\yellowCORNER.gif --a---- 880 bytes [06:37 02/11/2006] [21:31 18/09/2006] 63C1F4A02E3BBB0B6A91C51C8FE16324
C:\Windows\winsxs\x86_microsoft-windows-gadgets-stickynotes_31bf3856ad364e35_6.0.6000.16386_none_e5cf2194910edabe\sticky_yellow.png --a---- 12646 bytes [15:02 02/11/2006] [15:02 02/11/2006] C423E67FA3D628F482A3EF88E33A8FCB
C:\Windows\winsxs\x86_microsoft-windows-gadgets-stickynotes_31bf3856ad364e35_6.0.6000.16386_none_e5cf2194910edabe\sticky_yellow_docked.png --a---- 7258 bytes [15:02 02/11/2006] [15:02 02/11/2006] 6F19456A1EC4EED8D8C0659B31E85F93

========== folderfind ==========

Searching for "*yellowise*"
No folders found.

========== Regfind ==========

Searching for "yellowise"
No data found.

-= EOF =-

Re: Need help with trojan

Post by askey127 » November 24th, 2011, 11:23 am

iowabucks,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    IE - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 73 08 20 39 DF C9 01 [binary data]
    IE - HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


-------------------------------------------------
Run the ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
You will, however, need to disable your current installed Anti-Virus. Additional information on how to do it is shown here.

Vista/Windows 7 users: You will need to right-click on either the Internet Explorer or FireFox icon in the Start Menu or Quick Launch Bar and select Run as Administrator.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

See if this may contain the trouble.

If we are still unable to locate the villain, I would consider removing all the plug-ins from Firefox, and re-installing them.
askey127
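The fix above removes a URLSearchHook by CLSID and the DLL it points at. As an added example (not OTL's code or the thread's), the following PowerShell lists every URLSearchHook for the current user, resolves each CLSID to its DLL and reports the publisher and Authenticode status, so an entry like the dvmurl.dll hook can be judged before anything is deleted. It assumes 64-bit Windows, where a 32-bit hook DLL registers under Wow6432Node.

```powershell
# Added example, not OTL's code: audit IE URLSearchHooks for the current user.
# Each value name under the key is a CLSID; resolve it to the implementing DLL
# and show who signed it. Assumes 64-bit Windows (Wow6432Node view checked too).
function Get-UrlSearchHookReport {
    $hookKey = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
    if (-not (Test-Path -Path $hookKey)) { return }
    $hooks = Get-Item -Path $hookKey

    foreach ($clsid in $hooks.GetValueNames()) {
        # Skip anything under the key that is not shaped like a CLSID
        if ($clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') { continue }

        # The COM registration lives in one of these views; take the first that resolves
        $servers = @(
            "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32",
            "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32",
            "HKCU:\Software\Classes\CLSID\$clsid\InprocServer32"
        )
        $dll = $null
        foreach ($s in $servers) {
            if (Test-Path -Path $s) {
                $dll = (Get-ItemProperty -Path $s).'(default)'
                if ($dll) { break }
            }
        }

        $company = $null
        $status  = 'no COM registration'
        if ($dll) {
            # Registered paths may be quoted or use %SystemRoot%-style variables
            $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            if (Test-Path -LiteralPath $dll) {
                $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
                $status  = (Get-AuthenticodeSignature -FilePath $dll).Status
            } else {
                $status = 'file missing'
            }
        }

        [pscustomobject]@{
            CLSID     = $clsid
            Dll       = $dll
            Company   = $company
            Signature = $status
            # A hook not validly signed by a publisher you recognise deserves a closer look
            Review    = ($status -ne 'Valid')
        }
    }
}

Get-UrlSearchHookReport | Format-Table -AutoSize
```

A hook whose DLL is missing, unsigned, or registered only in the user hive is the kind of entry a helper would look at first; the report changes nothing on the machine.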

Re: Need help with trojan

Post by iowabucks » November 25th, 2011, 12:35 am

I still don't have an anti-virus installed. I did have AVG but it never found anything more than cookies. What would you recommend as the best free anti-virus?

Sometimes I will play a video on, say, Facebook or YouTube and then close out the window. I then can hear a video's audio playing in the background. I can close everything and it's still there. I can look up all running apps and there is nothing running. But the audio is coming from somewhere. Weird.


OTL log:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1669760302-2667445884-3644838314-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1669760302-2667445884-3644838314-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ deleted successfully.
C:\Windows\SysWOW64\dvmurl.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jerry\Desktop\computer cleaning\cmd.bat deleted successfully.
C:\Users\Jerry\Desktop\computer cleaning\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jerry
->Temp folder emptied: 16470894 bytes
->Temporary Internet Files folder emptied: 185878354 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 10539 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 10657792 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31774 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 14677769 bytes

Total Files Cleaned = 217.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11242011_192140

Files\Folders moved on Reboot...
C:\Users\Jerry\AppData\Local\Temp\ppcrlui_3920_2 moved successfully.
C:\Users\Jerry\AppData\Local\Temp\VGX555F.tmp moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOZF89HJ\B6012531[2].htm not found!
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOZF89HJ\emily[1].htm moved successfully.
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOZF89HJ\sandbox[2].htm not found!
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHO6ZKNX\redirect_v94_cim_11_16_1[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA5OPII5\holiday-buying-guide-stocking-stuffers[1].htm moved successfully.
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA5OPII5\sandbox[1].htm not found!
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY8XMO1J\login_status[1].htm not found!
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZQA68V7\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZQA68V7\login_status[1].htm moved successfully.
File\Folder C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZQA68V7\register[1].htm not found!
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZQA68V7\sandbox[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MCGAJUY\aceUACping[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MCGAJUY\sandbox[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1I4VND6T\in[1].htm moved successfully.
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1I4VND6T\xd_receiver[1].htm moved successfully.
File move failed. C:\Windows\SysNative\SET449C.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET5059.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Eset log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

One threat found on Eset:
C:\ProgramData\VistaCodecs\{146A630B-CF66-4B5E-95BF-478A16039BF3}\Vista Codec Package.msi Win32/Packed.Autoit.E.Gen application

Re: Need help with trojan

Post by askey127 » November 25th, 2011, 8:58 am

iowabucks,
Earlier I instructed you to download the Microsoft Security Essentials Installer, and then subsequently asked you to run it, update it and do a scan.
This is a good free antivirus.
If you don't install one, your computer will regularly get infected and soon will be impossible to fix.
Don't do anything else or surf online again until you complete this.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :processes
    killallprocesses
    
    :Files
    C:\ProgramData\VistaCodecs\{146A630B-CF66-4B5E-95BF-478A16039BF3}\Vista Codec Package.msi
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127

Re: Need help with trojan

Post by iowabucks » November 25th, 2011, 4:55 pm

OTL logfile created on: 11/25/2011 2:41:34 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jerry\Desktop\computer cleaning
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.02% Memory free
8.18 Gb Paging File | 6.30 Gb Available in Paging File | 77.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 761.72 Gb Total Space | 633.05 Gb Free Space | 83.11% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 169.79 Gb Total Space | 128.37 Gb Free Space | 75.61% Space Free | Partition Type: NTFS

Computer Name: JERRY-PC | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 18:45:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\computer cleaning\OTL.exe
PRC - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/05/03 15:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
PRC - [2011/05/03 15:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
PRC - [2011/01/10 08:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010/12/02 20:06:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008/12/29 17:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 20:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/05/03 15:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/05/03 15:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/01/10 08:24:20 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 08:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/02 20:06:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/23 04:39:00 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 18:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/30 10:28:28 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/27 20:18:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/29 17:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/01 02:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/03/30 22:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/02/22 14:31:20 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2010/02/22 14:31:20 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/02/22 14:31:05 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2010/02/22 14:31:04 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/10/08 00:22:36 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2008/10/08 00:22:30 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2008/10/08 00:22:28 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2008/10/08 00:22:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2008/10/08 00:22:24 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2008/10/08 00:22:22 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2008/10/08 00:22:18 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2008/10/08 00:22:14 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2008/10/08 00:22:14 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2008/10/08 00:22:10 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2008/10/08 00:22:10 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2008/10/08 00:22:08 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2008/10/08 00:22:08 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2008/05/01 23:59:48 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 20:46:34 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 20:46:34 | 000,017,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2008/01/20 20:46:08 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mstape.sys -- (MSTAPE)
DRV:64bit: - [2008/01/20 20:46:05 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 20:46:01 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007/07/23 08:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/07/13 02:58:54 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\U6000ALL.sys -- (U6000ALL) U6000 TV Box(ALL)
DRV:64bit: - [2007/04/11 14:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/04/11 14:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/03/20 10:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Alpham264.sys -- (Alpham2)
DRV - [2010/07/06 23:11:01 | 000,022,336 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/06 15:15:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2007/10/16 15:15:26 | 000,036,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\ET5Drv.sys -- (ET5Drv)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.archerytalk.com/vb/forumdisplay.php?f=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/11/30 10:57:28 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/11/30 10:57:28 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/10/26 18:16:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/20 07:58:44 | 000,000,000 | ---D | M]

[2009/05/29 09:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions
[2009/05/29 09:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2011/11/21 13:11:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab (CDownloadCtrl Object)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab (EPUImageControl Class)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.207.0.3 66.207.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98E5A55E-A998-4205-9578-EB9E15529319}: DhcpNameServer = 66.207.0.3 66.207.0.2
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative64)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 20:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/24 10:37:53 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/11/23 19:34:05 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Tific
[2011/11/23 19:34:05 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\Tific
[2011/11/23 19:33:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64
[2011/11/23 19:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup
[2011/11/23 19:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup
[2011/11/23 19:33:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\02000C0.01B
[2011/11/23 19:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/23 19:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/23 19:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/11/23 19:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/23 19:00:13 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/23 19:00:13 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/23 16:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2011/11/23 16:58:21 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\PC_Drivers_Headquarters
[2011/11/23 16:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2011/11/23 16:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2011/11/23 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2011/11/22 15:56:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/22 08:10:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/22 04:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/21 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/11/21 18:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/21 13:47:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/21 13:12:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/21 08:29:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/21 08:29:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/21 08:29:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/21 08:28:04 | 000,000,000 | ---D | C] -- C:\zzz
[2011/11/20 19:42:06 | 000,000,000 | R--D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/01 14:53:24 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2008/10/07 22:42:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2008/10/07 22:23:46 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/25 14:32:13 | 000,675,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/25 14:32:13 | 000,579,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/25 14:32:13 | 000,101,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/25 14:27:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/25 14:27:55 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 14:27:55 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 14:27:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 14:26:31 | 000,062,556 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/25 14:26:31 | 000,062,556 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/25 14:26:31 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/25 13:53:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 11:09:51 | 000,253,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/25 01:17:59 | 000,270,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/25 01:17:59 | 000,270,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/25 01:17:26 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/23 19:33:59 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Norton PC Checkup.LNK
[2011/11/23 16:57:36 | 000,002,385 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2011/11/23 09:45:54 | 000,001,356 | ---- | M] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2011/11/22 15:02:31 | 000,005,452 | ---- | M] () -- C:\Users\Jerry\Desktop\New Rich Text Format.rtf
[2011/11/22 04:55:11 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/21 19:01:57 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/21 18:58:43 | 000,689,910 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/21 13:11:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/20 08:03:54 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/20 08:03:54 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/31 20:18:16 | 000,019,494 | ---- | M] () -- F:\Documents\cc_20111031_211810.reg
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/23 19:33:59 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Norton PC Checkup.LNK
[2011/11/23 19:33:54 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\02000C0.01B\isolate.ini
[2011/11/23 16:57:36 | 000,002,385 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2011/11/22 04:55:11 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/21 19:01:57 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/21 18:58:30 | 000,001,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/21 08:29:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/21 08:29:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/21 08:29:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/21 08:29:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/21 08:29:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/31 20:18:13 | 000,019,494 | ---- | C] () -- F:\Documents\cc_20111031_211810.reg
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/13 14:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/08/17 14:16:52 | 000,000,571 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/08/17 14:16:52 | 000,000,049 | ---- | C] () -- C:\Windows\Progs_.ini
[2011/04/25 23:03:14 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/25 23:03:14 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/01/31 23:36:35 | 000,000,620 | ---- | C] () -- C:\Users\Jerry\AppData\Local\mapc2mapc.ini
[2010/06/08 18:41:33 | 000,001,356 | ---- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2010/05/31 18:21:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/12/11 16:16:10 | 000,870,128 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2009/12/11 16:16:10 | 000,000,004 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\20E5E8
[2009/09/24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/09/07 22:01:48 | 000,017,043 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\UserTile.png
[2009/08/14 21:55:02 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/06/17 21:52:53 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/06/03 22:09:49 | 000,689,910 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/03 10:15:39 | 010,444,800 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009/06/01 15:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/01 15:24:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/06/01 15:24:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/05/29 14:55:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2009/05/29 14:52:43 | 000,000,208 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/05/28 21:36:48 | 000,065,536 | ---- | C] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 21:00:03 | 000,144,896 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/05/28 21:00:03 | 000,071,168 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/05/28 13:01:42 | 000,270,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/05/28 13:01:41 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/05/27 19:42:21 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/27 18:32:10 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/05/27 18:16:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/05/27 16:01:09 | 000,001,460 | -H-- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps64.dat
[2008/10/07 23:08:38 | 000,020,936 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2008/10/07 22:41:40 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2008/10/07 22:31:14 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2008/10/07 22:31:14 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2008/10/07 22:23:50 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2008/09/12 20:22:40 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/08/19 17:39:18 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008/01/20 20:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/06/08 19:12:12 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/05 13:07:11 | 000,076,288 | ---- | C] () -- C:\Windows\SysWow64\1psiG60XV55.dll
[2006/11/02 09:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/08/24 22:19:25 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\1psi60XV55.dll
[2004/07/29 02:19:46 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2004/01/18 19:11:47 | 000,076,800 | R--- | C] () -- C:\Windows\SysWow64\1psi60X.dll
[2003/06/28 14:34:20 | 000,069,707 | ---- | C] () -- C:\Windows\SysWow64\DISP_OPT1.dll

========== LOP Check ==========

[2011/11/01 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Auslogics
[2009/06/09 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/30 11:07:21 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\DassaultSystemes
[2011/11/20 07:59:08 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\DiskSpaceFan
[2011/11/20 07:59:08 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\gtk-2.0
[2009/05/29 09:35:30 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Ideazon
[2010/06/17 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\iExpert Software
[2011/01/31 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Mobile Atlas Creator
[2010/06/27 09:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\MotionDSP
[2009/09/07 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Mp3tag
[2009/10/30 22:08:35 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PandoraRecovery
[2009/11/11 20:09:09 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PeerNetworking
[2010/01/17 17:11:32 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Publish Providers
[2010/01/14 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Sony
[2010/03/25 13:02:28 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SuperAdBlocker.com
[2010/05/31 15:01:39 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Systweak
[2011/11/23 19:34:05 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Tific
[2010/05/07 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\TS3Client
[2009/06/01 16:47:01 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Ulead Systems
[2009/11/06 12:53:56 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\VistaCodecs
[2010/02/11 00:45:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\WinBatch
[2011/11/25 14:26:20 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0CE7F3C9

< End of report >
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Unread postby iowabucks » November 25th, 2011, 7:50 pm

What's with all the Mozilla files? I use Internet Explorer 9 as my browser. I think I installed Firefox a couple of years back and used it only once. I don't like change. lol.

I'm still getting redirects on Google searches (only the first couple of tries), and I'm still hearing music/ads/commercials in the background, even with nothing running (I checked Task Manager).

I also notice that in my Windows Mail inbox, none of the links in my emails will even try to take me anywhere. But they were working earlier today. This is screwy.
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Unread postby askey127 » November 25th, 2011, 10:29 pm

iowabucks,
Let's fix that:
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/11/30 10:57:28 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/11/30 10:57:28 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/10/26 18:16:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/20 07:58:44 | 000,000,000 | ---D | M]
    
    [2009/05/29 09:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions
    [2009/05/29 09:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jerry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Firefox

Take extra care in answering questions posed by any Uninstaller.

If you want to install it again, it's easy.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
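Reading an OTL log like the ones posted in this thread by hand comes down to a few recurring signals: registry entries whose target file no longer exists ("File not found"), files with no publisher name, hidden+system attributes on an ordinary file, alternate data streams, and how new an entry is relative to the 30-day window. The Python script below is an added example for this thread; it is not part of the thread and not OldTimer's tool. The line layout it parses ("[date | size | attrs | M/C] (Company) [state] -- path -- (name)") is inferred from the logs above, not taken from an official grammar, and the rules are plain log-review heuristics. The sample lines are copied from the posted logs and the reference time is the newest timestamp in them.

```python
"""Review helper for OTL log lines (added example; not OldTimer's code).

The line layout below is inferred from the logs posted in this thread:
    [YYYY/MM/DD hh:mm:ss | size | attrs | M|C] (Company) [state] -- path -- (name)
Everything it flags is a candidate for a human to check, not a verdict.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>.*?)\)(?= \[| -- ))?"   # "(Vendor)", "()", "( )" or absent
    r"(?: \[[^\]]*\])?"                         # "[Kernel | On_Demand | Stopped]"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"          # "-- (ServiceName)" on DRV/SRV lines
)
# Registry entries (O2/O9/FF ...) whose target is gone: "<drive>:\... File not found"
MISSING_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?) File not found")


@dataclass
class Finding:
    path: str
    reasons: List[str]


def triage_line(line: str, now: datetime, recent_days: int = 30) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None when nothing stands out."""
    line = line.strip()
    if line.startswith("@Alternate Data Stream"):
        return Finding(line.rsplit("-> ", 1)[-1], ["alternate data stream present"])
    if "File not found" in line:
        m = MISSING_RE.search(line)
        return Finding(m.group("path") if m else line,
                       ["registry entry points at a file that no longer exists"])
    m = ENTRY_RE.search(line)
    if m is None:
        return None                     # summary lines such as "[2 ... *.tmp files ...]"
    attrs = m.group("attrs")
    company = (m.group("company") or "").strip()
    is_dir = "D" in attrs
    reasons = []
    if not is_dir and not company:
        reasons.append("file carries no publisher name")
    if not is_dir and "H" in attrs and "S" in attrs:
        reasons.append("hidden+system attributes on a plain file")
    if not reasons:
        return None
    # Recency is context, not a trigger on its own: the log already lists
    # everything inside the window, and most of it is legitimate.
    ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
    if now - ts <= timedelta(days=recent_days):
        reasons.append(f"timestamp within the last {recent_days} days")
    return Finding(m.group("path"), reasons)


def triage(lines: List[str], now: datetime, recent_days: int = 30) -> List[Finding]:
    """Run triage_line over a whole log, keeping only the lines that were flagged."""
    findings = (triage_line(l, now, recent_days) for l in lines)
    return [f for f in findings if f is not None]


# Sample input: lines copied from the logs posted above in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found",
    r"DRV - [2010/07/06 23:11:01 | 000,022,336 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)",
    r"DRV - [2010/07/06 15:15:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)",
    r"[2011/11/24 20:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET",
    r"[2011/11/23 19:00:13 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll",
    r"[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]",
    r"[2011/11/21 08:29:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2011/08/17 14:16:52 | 000,000,571 | -HS- | C] () -- C:\Windows\WSYS049.SYS",
    r"@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34",
]
# Constructed reference time: the newest timestamp in the posted log.
REFERENCE_TIME = datetime(2011, 11, 25, 14, 32, 13)

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES, REFERENCE_TIME):
        print(f"{f.path}\n    " + "\n    ".join(f.reasons))
```

On the sample above the script flags five of the nine lines: the orphaned Java BHO entry, the two drivers and the one recently created file with no publisher name, the hidden+system WSYS049.SYS, and the alternate data stream. Directories are never flagged (OTL reports them with no company anyway), and a company string that itself contains parentheses, such as "Windows (R) Server 2003 DDK provider", is still parsed whole because the pattern only closes the company group where the next token is a state bracket or the "--" separator. Anything it lists still needs the kind of judgment the helpers in this thread apply before it goes into a fix script.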

Re: Need help with trojan

Unread postby iowabucks » November 26th, 2011, 2:00 am

I can't seem to find Mozilla or Firefox in my Programs and Features.

OTL logfile created on: 11/25/2011 11:56:42 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jerry\Desktop\computer cleaning
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.13% Memory free
8.17 Gb Paging File | 6.07 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 761.72 Gb Total Space | 632.29 Gb Free Space | 83.01% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 169.79 Gb Total Space | 128.37 Gb Free Space | 75.61% Space Free | Partition Type: NTFS

Computer Name: JERRY-PC | User Name: Jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 18:45:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\computer cleaning\OTL.exe
PRC - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/05/03 15:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
PRC - [2011/05/03 15:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
PRC - [2011/01/10 08:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010/12/02 20:06:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008/12/29 17:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 20:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/05/03 15:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/05/03 15:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/01/10 08:24:20 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 08:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/02 20:06:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/23 04:39:00 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 18:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/30 10:28:28 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/27 20:18:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/29 17:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/01 02:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/03/30 22:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/02/22 14:31:20 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2010/02/22 14:31:20 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/02/22 14:31:05 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2010/02/22 14:31:04 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/10/08 00:22:36 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2008/10/08 00:22:30 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2008/10/08 00:22:28 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2008/10/08 00:22:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2008/10/08 00:22:24 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2008/10/08 00:22:22 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2008/10/08 00:22:18 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2008/10/08 00:22:14 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2008/10/08 00:22:14 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2008/10/08 00:22:10 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2008/10/08 00:22:10 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2008/10/08 00:22:08 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2008/10/08 00:22:08 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2008/05/01 23:59:48 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 20:46:34 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 20:46:34 | 000,017,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2008/01/20 20:46:08 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mstape.sys -- (MSTAPE)
DRV:64bit: - [2008/01/20 20:46:05 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 20:46:01 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007/07/23 08:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/07/13 02:58:54 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\U6000ALL.sys -- (U6000ALL) U6000 TV Box(ALL)
DRV:64bit: - [2007/04/11 14:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/04/11 14:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/03/20 10:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Alpham264.sys -- (Alpham2)
DRV - [2010/07/06 23:11:01 | 000,022,336 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/07/06 15:15:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2007/10/16 15:15:26 | 000,036,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\ET5Drv.sys -- (ET5Drv)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.archerytalk.com/vb/forumdisplay.php?f=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/10/26 18:16:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/20 07:58:44 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/11/21 13:11:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab (CDownloadCtrl Object)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab (EPUImageControl Class)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.207.0.3 66.207.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98E5A55E-A998-4205-9578-EB9E15529319}: DhcpNameServer = 66.207.0.3 66.207.0.2
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/15 18:53:55 | 000,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative64)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 17:36:18 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\SvchostViewer
[2011/11/24 20:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/24 10:37:53 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/11/23 19:34:05 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Roaming\Tific
[2011/11/23 19:34:05 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\Tific
[2011/11/23 19:33:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64
[2011/11/23 19:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup
[2011/11/23 19:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup
[2011/11/23 19:33:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\02000C0.01B
[2011/11/23 19:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/23 19:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/23 19:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/11/23 19:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/11/23 19:00:13 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/11/23 19:00:13 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/11/23 16:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2011/11/23 16:58:21 | 000,000,000 | ---D | C] -- C:\Users\Jerry\AppData\Local\PC_Drivers_Headquarters
[2011/11/23 16:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2011/11/23 16:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2011/11/23 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2011/11/22 15:56:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/22 08:10:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/22 04:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/21 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/11/21 18:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/21 13:47:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/21 13:12:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/21 08:29:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/21 08:29:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/21 08:29:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/21 08:28:04 | 000,000,000 | ---D | C] -- C:\zzz
[2011/11/20 19:42:06 | 000,000,000 | R--D | C] -- C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/01 14:53:24 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2008/10/07 22:42:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2008/10/07 22:23:46 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/25 23:58:46 | 000,675,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/25 23:58:46 | 000,579,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/25 23:58:46 | 000,101,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/25 23:53:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 23:52:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/25 23:52:34 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 23:52:34 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 23:52:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 23:51:04 | 000,062,556 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/25 23:51:04 | 000,062,556 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/25 23:51:04 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-00221102}.rfx
[2011/11/25 20:35:12 | 000,004,405 | ---- | M] () -- C:\Users\Jerry\Desktop\New Rich Text Format.rtf
[2011/11/25 20:31:40 | 000,007,691 | ---- | M] () -- F:\Documents\Tims info.rtf
[2011/11/25 19:42:37 | 000,270,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/25 19:42:37 | 000,270,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/25 19:42:02 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/25 11:09:51 | 000,253,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/23 19:33:59 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Norton PC Checkup.LNK
[2011/11/23 16:57:36 | 000,002,385 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2011/11/23 09:45:54 | 000,001,356 | ---- | M] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2011/11/22 04:55:11 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/21 19:01:57 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/21 18:58:43 | 000,689,910 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/21 13:11:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/20 08:03:54 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/20 08:03:54 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/31 20:18:16 | 000,019,494 | ---- | M] () -- F:\Documents\cc_20111031_211810.reg
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/23 19:33:59 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Norton PC Checkup.LNK
[2011/11/23 19:33:54 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NortonPCCheckupx64\02000C0.01B\isolate.ini
[2011/11/23 16:57:36 | 000,002,385 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2011/11/22 04:55:11 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/21 19:01:57 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/21 18:58:30 | 000,001,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/21 08:29:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/21 08:29:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/21 08:29:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/21 08:29:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/21 08:29:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/31 20:18:13 | 000,019,494 | ---- | C] () -- F:\Documents\cc_20111031_211810.reg
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/13 14:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/08/17 14:16:52 | 000,000,571 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/08/17 14:16:52 | 000,000,049 | ---- | C] () -- C:\Windows\Progs_.ini
[2011/04/25 23:03:14 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/25 23:03:14 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/01/31 23:36:35 | 000,000,620 | ---- | C] () -- C:\Users\Jerry\AppData\Local\mapc2mapc.ini
[2010/06/08 18:41:33 | 000,001,356 | ---- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps.dat
[2010/05/31 18:21:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/12/11 16:16:10 | 000,870,128 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\mcs.rma
[2009/12/11 16:16:10 | 000,000,004 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\20E5E8
[2009/09/24 00:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/09/07 22:01:48 | 000,017,043 | ---- | C] () -- C:\Users\Jerry\AppData\Roaming\UserTile.png
[2009/08/14 21:55:02 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/06/17 21:52:53 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/06/03 22:09:49 | 000,689,910 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/03 10:15:39 | 010,444,800 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009/06/01 15:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/01 15:24:49 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/06/01 15:24:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/05/29 14:55:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2009/05/29 14:52:43 | 000,000,208 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/05/28 21:36:48 | 000,065,536 | ---- | C] () -- C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 21:00:03 | 000,144,896 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/05/28 21:00:03 | 000,071,168 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/05/28 13:01:42 | 000,270,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/05/28 13:01:41 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/05/27 19:42:21 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/27 18:32:10 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2009/05/27 18:16:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/05/27 16:01:09 | 000,001,460 | -H-- | C] () -- C:\Users\Jerry\AppData\Local\d3d9caps64.dat
[2008/10/07 23:08:38 | 000,020,936 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2008/10/07 22:41:40 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2008/10/07 22:31:14 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2008/10/07 22:31:14 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2008/10/07 22:23:50 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2008/09/12 20:22:40 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2008/08/19 17:39:18 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008/01/20 20:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/06/08 19:12:12 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/05 13:07:11 | 000,076,288 | ---- | C] () -- C:\Windows\SysWow64\1psiG60XV55.dll
[2006/11/02 09:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/08/24 22:19:25 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\1psi60XV55.dll
[2004/07/29 02:19:46 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2004/01/18 19:11:47 | 000,076,800 | R--- | C] () -- C:\Windows\SysWow64\1psi60X.dll
[2003/06/28 14:34:20 | 000,069,707 | ---- | C] () -- C:\Windows\SysWow64\DISP_OPT1.dll

========== LOP Check ==========

[2011/11/01 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Auslogics
[2009/06/09 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/30 11:07:21 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\DassaultSystemes
[2011/11/20 07:59:08 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\DiskSpaceFan
[2011/11/20 07:59:08 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\gtk-2.0
[2009/05/29 09:35:30 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Ideazon
[2010/06/17 20:10:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\iExpert Software
[2011/01/31 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Mobile Atlas Creator
[2010/06/27 09:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\MotionDSP
[2009/09/07 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Mp3tag
[2009/10/30 22:08:35 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PandoraRecovery
[2009/11/11 20:09:09 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\PeerNetworking
[2010/01/17 17:11:32 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Publish Providers
[2010/01/14 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Sony
[2010/03/25 13:02:28 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\SuperAdBlocker.com
[2010/05/31 15:01:39 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Systweak
[2011/11/23 19:34:05 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Tific
[2010/05/07 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\TS3Client
[2009/06/01 16:47:01 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\Ulead Systems
[2009/11/06 12:53:56 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\VistaCodecs
[2010/02/11 00:45:57 | 000,000,000 | ---D | M] -- C:\Users\Jerry\AppData\Roaming\WinBatch
[2011/11/25 23:50:49 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0CE7F3C9

< End of report >
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am
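An OTL report this long is normally skimmed with a handful of fixed heuristics before anything is acted on: rows with an empty company field that load from under C:\Windows, drivers sitting in the Windows root instead of \drivers, hidden+system files in the Windows directory, alternate data streams, and hosts entries beyond the default localhost line. The block below is an added example, written for this page and not OTL's own code nor anything posted in the thread: a small Python helper that parses the row shapes visible in the report above and turns those heuristics into a list of leads. The sample input is a constructed subset modelled on the posted log; the second hosts entry is invented so the redirect check has something to catch. The rules are generic reviewer assumptions and produce leads for manual checking, not malware verdicts: a service such as PnkBstrA.exe (part of the PunkBuster anti-cheat system) legitimately ships without a company name and will be flagged.

```python
"""Triage helper for OTL log rows (added example, not OTL's own code).

Regexes follow the row shapes in the report above; the triage rules are
generic reviewer heuristics (an assumption) that yield leads, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample modelled on the posted log; the second hosts entry
# is invented so the redirect check fires on something.
SAMPLE_LOG = r"""
PRC - [2010/12/02 20:06:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SRV - [2010/12/02 20:06:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
DRV - [2010/07/06 15:15:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/07/06 23:11:01 | 000,022,336 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV:64bit: - [2008/10/08 00:22:22 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.search-redirect.invalid
[2011/08/17 14:16:52 | 000,000,571 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/11/21 08:29:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
"""

PREFIX = re.compile(r"^(?P<kind>PRC|SRV|DRV|MOD)(?::64bit:)? - ")
META = re.compile(r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
                  r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| [MC]\]")
# Company names may contain parentheses, e.g. "(Windows (R) ... provider)",
# so stop at the ')' that is followed by a state block or ' -- '.
COMPANY = re.compile(r"^\s*\((?P<company>.*?)\)(?=\s*(?:\[| -- ))")
STATE = re.compile(r"^\s*\[(?P<state>[^\]]+)\]")
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")


@dataclass
class Entry:
    kind: str                      # PRC, SRV, DRV, MOD, FILE, ADS, HOSTS
    path: str
    company: Optional[str] = None  # None: field absent; "": present but empty
    attrs: str = "----"
    state: List[str] = field(default_factory=list)
    name: Optional[str] = None     # service/driver name, or the IP for HOSTS
    size: int = 0
    ts: str = ""


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL row; headers and unknown rows return None."""
    line = line.rstrip()
    m = ADS.match(line)
    if m:
        return Entry("ADS", m.group("path"), size=int(m.group("size")))
    m = HOSTS.match(line)
    if m:
        return Entry("HOSTS", m.group("host"), name=m.group("ip"))
    m = PREFIX.match(line)
    kind, rest = (m.group("kind"), line[m.end():]) if m else ("FILE", line)
    m = META.match(rest)
    if not m:
        return None
    e = Entry(kind, "", attrs=m.group("attrs"), ts=m.group("ts"),
              size=int(m.group("size").replace(",", "")))
    rest = rest[m.end():]
    m = COMPANY.match(rest)
    if m:
        e.company, rest = m.group("company").strip(), rest[m.end():]
    m = STATE.match(rest)
    if m:
        e.state, rest = [s.strip() for s in m.group("state").split("|")], rest[m.end():]
    if not rest.startswith(" -- "):
        return None
    e.path, _, tail = rest[4:].partition(" -- ")
    if tail.startswith("(") and ")" in tail:      # "(name) optional description"
        e.name = tail[1:tail.index(")")]
    return e


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


WINDIR = "c:\\windows\\"


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Apply the reviewer heuristics; each lead is (reason, path)."""
    leads = []
    for e in entries:
        low = e.path.lower()
        in_windir = low.startswith(WINDIR)
        in_winroot = in_windir and low.count("\\") == 2   # directly in C:\Windows
        if e.kind == "ADS":
            leads.append(("alternate data stream", e.path))
        elif e.kind == "HOSTS":
            if not (e.name in ("127.0.0.1", "::1") and low == "localhost"):
                leads.append(("non-default hosts entry (redirect lead)", e.path))
        elif e.kind in ("PRC", "SRV", "DRV", "MOD"):
            if e.company == "" and in_windir:
                leads.append(("no company name, loaded from Windows dir", e.path))
            if e.kind == "DRV" and in_winroot:
                leads.append(("driver in Windows root, not \\drivers", e.path))
        elif e.kind == "FILE":
            if in_windir and "H" in e.attrs and "S" in e.attrs:
                leads.append(("hidden+system file in Windows dir", e.path))
            if e.company == "" and in_winroot and low.endswith((".exe", ".dll", ".sys")):
                leads.append(("no company name, binary in Windows root", e.path))
    return leads


if __name__ == "__main__":
    for reason, path in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason:45} {path}")
```

Run it against a whole saved OTL.txt by replacing SAMPLE_LOG with the file contents; every lead still needs a human to check the file's signature, hash and origin, which is exactly the manual work the helpers in this thread do before they post a fix script.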

Re: Need help with trojan

Unread postby askey127 » November 26th, 2011, 8:43 am

iowabucks,
With the outside help and changes made between responses, it's very difficult to keep track of what's going on with this machine.
I believe we have done all we can do with our online capability.
I would suggest you keep just one antivirus running at a time.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need help with trojan

Unread postby iowabucks » November 26th, 2011, 5:04 pm

Thank you for helping, askey.
iowabucks
Regular Member
 
Posts: 50
Joined: January 5th, 2009, 1:07 am

Re: Need help with trojan

Unread postby askey127 » November 26th, 2011, 5:28 pm

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA