Cyber Tech Help Support Forums > Software > Malware Removal
#1  August 9th, 2012, 07:36 PM
Hazmat1234 (Senior Member)
Browser seems hijacked

Rebooted computer and found that the desktop was loaded with all kinds of files. Browser is blank and when I went to look for an earlier restore point, it says system protection is off and no link to turn it back on?

Last edited by Hazmat1234; August 10th, 2012 at 12:44 PM.
#2  August 10th, 2012, 12:43 AM
Jintan (Cyber Tech Help Moderator)
Hello again Hazmat1234,

Let's take a look. Right off, see if you can access Safe Mode, where the malware is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

If the system is Vista/Windows 7, when running any of the scan files we use, be sure to right-click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.
#3  August 10th, 2012, 05:41 AM
Hazmat1234 (Senior Member)
OTL logfile created on: 8/9/2012 8:35:46 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\DDR\Data Doctors
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 75.28% Memory free
7.87 Gb Paging File | 6.91 Gb Available in Paging File | 87.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 723.83 Gb Free Space | 77.71% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 20:30:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\DDR\Data Doctors\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 23:31:42 | 006,715,024 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2012/05/05 13:45:44 | 003,168,256 | ---- | M] (Carbonite) [Auto | Stopped] -- C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe -- (Carbonite-Mirror-Image-Svc)
SRV:64bit: - [2012/03/23 16:44:02 | 001,956,616 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012/03/13 18:26:10 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011/11/09 17:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2011/10/14 23:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2011/01/26 22:55:38 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/03 06:45:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 22:23:16 | 000,186,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/29 13:26:06 | 000,520,216 | ---- | M] (Ant.com) [Auto | Stopped] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 01:50:00 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 01:49:58 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:22:46 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/17 16:45:56 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/02/02 02:43:00 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011/11/25 14:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011/11/17 17:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011/11/14 20:16:42 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2011/11/14 20:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/10/27 15:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011/08/16 14:59:12 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 23:37:22 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/26 22:13:34 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/01/19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/29 15:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2294860257-268734865-81461914-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2294860257-268734865-81461914-1000\..\SearchScopes,DefaultScope = {27A1F1B3-37D9-4C51-80C7-95B3EF6363A3}
IE - HKU\S-1-5-21-2294860257-268734865-81461914-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={search...ox&FORM=IE8SRC
IE - HKU\S-1-5-21-2294860257-268734865-81461914-1000\..\SearchScopes\{27A1F1B3-37D9-4C51-80C7-95B3EF6363A3}: "URL" = http://www.google.com/search?q={sear...age={startPage}
IE - HKU\S-1-5-21-2294860257-268734865-81461914-1000\..\SearchScopes\{A0205B7D-39AA-48A4-B558-69D252CBC808}: "URL" = http://www.ant.com/search?s=browser&q={searchTerms}
IE - HKU\S-1-5-21-2294860257-268734865-81461914-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2294860257-268734865-81461914-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/06/06 00:29:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/06/06 00:29:04 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/08/09 12:12:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-2294860257-268734865-81461914-1000\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1332206751\ee\aolsoftware.exe (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2294860257-268734865-81461914-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2294860257-268734865-81461914-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2294860257-268734865-81461914-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2294860257-268734865-81461914-1000\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://dommail15a.phoenix.gov/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.1.6:8090/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA018CE0-0726-48B3-895B-125108B2883F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 20:25:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/09 20:18:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/31 15:36:41 | 000,000,000 | ---D | C] -- C:\Users\User\Old data2
[2012/07/31 14:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/07/31 12:43:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/31 12:35:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/31 12:35:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/31 12:35:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/31 12:33:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/31 12:33:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/29 17:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/07/29 17:56:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/29 17:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/26 16:30:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/25 13:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IP Camera
[2012/07/24 00:00:50 | 000,000,000 | ---D | C] -- C:\Users\User\NETGEARGenie
[2012/07/23 23:35:12 | 000,000,000 | ---D | C] -- C:\Users\User\FI8910W 11.37.2.46
[2012/07/23 14:40:09 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012/07/11 03:00:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 03:00:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 03:00:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 03:00:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 03:00:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 03:00:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 03:00:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 03:00:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 03:00:44 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 03:00:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 03:00:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 03:00:44 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 03:00:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

========== Files - Modified Within 30 Days ==========

[2012/08/09 20:40:07 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/09 20:40:07 | 000,624,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/09 20:40:07 | 000,106,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/09 20:34:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 20:34:32 | 3168,841,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 20:25:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/08/09 19:56:01 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012/08/09 19:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 12:19:34 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 12:19:34 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 12:12:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/08 06:58:15 | 000,001,738 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012/08/06 11:58:58 | 000,001,836 | ---- | M] () -- C:\Users\User\Desktop\Resume PDF Converter download.lnk
[2012/08/03 06:45:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 06:45:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/31 14:54:14 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/25 13:22:26 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\IP Camera Tool.lnk

========== Files Created - No Company Name ==========

[2012/08/06 11:58:58 | 000,001,836 | ---- | C] () -- C:\Users\User\Desktop\Resume PDF Converter download.lnk
[2012/07/31 12:35:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/31 12:35:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/31 12:35:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/31 12:35:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/31 12:35:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/25 13:22:11 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\IP Camera Tool.lnk
[2012/06/11 17:56:29 | 000,033,134 | ---- | C] () -- C:\Users\User\AppData\Roaming\UserTile.png
[2012/06/06 11:02:50 | 000,000,100 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[2012/05/30 10:37:14 | 000,000,817 | ---- | C] () -- C:\Windows\MD_MicroDiffs.INI
[2012/05/30 10:37:14 | 000,000,817 | ---- | C] () -- C:\Windows\MD_MacroDiffs.INI
[2012/05/30 10:37:14 | 000,000,817 | ---- | C] () -- C:\Windows\CFX.INI
[2012/05/30 10:37:13 | 000,000,817 | ---- | C] () -- C:\Windows\WDD_COMPARE_DIR_CFX1.INI
[2012/03/19 18:22:43 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/09/08 11:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/21 02:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Files - Unicode (All) ==========
[2012/08/09 11:02:48 | 000,000,000 | ---D | M](C:\Windows\SysNative\???????????????????????????? ??) -- C:\Windows\SysNative\꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯 꾯
[2012/08/09 11:02:48 | 000,000,000 | ---D | C](C:\Windows\SysNative\???????????????????????????? ??) -- C:\Windows\SysNative\꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯 꾯

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:40F038C5
< End of report >
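As an added example (not code from this thread, nor from the OTL tool itself), here is a small Python triage script that reads OTL lines in the format posted above and flags the entries a helper would look at first: the O6 System policy values that switch UAC off, Internet Explorer policy keys reported as present, services whose binary carries no company name, and alternate data streams. The sample lines are copied from the report above; the regular expressions and severity labels are my own assumptions about the log layout, not OTL definitions.

```python
"""Triage helper for OTL (OldTimer's) log lines.

Added example; it is not code from the thread or from the OTL tool. The line
patterns below are assumptions about the log format as posted, not OTL's own
definitions.
"""
import re
from dataclasses import dataclass

# Policy values that weaken the platform when set as shown. The values come
# from the O6 lines in the posted log; Windows 7 defaults are EnableLUA=1,
# ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1.
WEAK_POLICY_VALUES = {
    "EnableLUA": "0",                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": "0",  # administrators elevate with no prompt
    "PromptOnSecureDesktop": "0",       # elevation prompts not on the secure desktop
}

POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<name>\w+) = (?P<value>\S+)$")
POLICY_PRESENT_RE = re.compile(r"^O[67] - (?P<key>.+?) present$")
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - \[(?P<stamp>[^\]]+)\] \((?P<company>.*?)\) "
    r"\[(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str
    reason: str


def triage_otl(text: str) -> list:
    """Return the findings for every recognised line of an OTL report."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("value")
            if WEAK_POLICY_VALUES.get(name) == value:
                findings.append(Finding("high", line, f"{name}={value}: UAC weakened"))
            continue
        m = POLICY_PRESENT_RE.match(line)
        if m:
            if "Internet Explorer" in m.group("key"):
                findings.append(Finding("medium", line,
                                        "Internet Explorer policy key present; not set by default"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if not m.group("company").strip():
                findings.append(Finding("medium", line,
                                        f"{m.group('name')}: binary carries no company name"))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding("info", line,
                                    f"alternate data stream ({m.group('size')} bytes) on {m.group('path')}"))
    return findings


def severity_counts(findings) -> dict:
    """Count findings per severity level, e.g. {"high": 3, "medium": 3, "info": 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: a handful of lines copied from the OTL report posted above.
SAMPLE_LOG = r"""
SRV - [2012/06/07 22:23:16 | 000,186,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:40F038C5
"""

if __name__ == "__main__":
    results = triage_otl(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}")
    print(severity_counts(results))
```

Run it against a full OTL.Txt by reading the file and passing its text to `triage_otl`; the "high" findings here all point at UAC being turned off, which is one of the first things to restore once the machine is clean.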
#4  August 10th, 2012, 05:42 AM
Hazmat1234 (Senior Member)
OTL Extras logfile created on: 8/9/2012 8:35:46 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\DDR\Data Doctors
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 75.28% Memory free
7.87 Gb Paging File | 6.91 Gb Available in Paging File | 87.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 723.83 Gb Free Space | 77.71% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1858D86C-30B2-4901-AA6C-29FA5B41C741}" = rport=138 | protocol=17 | dir=out | app=system |
"{1FAEEFDB-5EC3-450C-917A-FEF1E6D044C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38587508-88E9-4633-8DAE-D6963DC8F791}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{391D27BF-704F-460C-8DD8-C8887927DCBE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B5C79B7-8A4A-4014-84CB-88D5EB282CD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C899447-A147-4121-B594-6331F12E6B69}" = lport=138 | protocol=17 | dir=in | app=system |
"{6659492D-62DD-4BFC-AE19-BF72F6C6AD7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C4C751A-2568-457E-B833-DD4C3F315A45}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{6E350C2F-6F6A-4445-B0B6-035B4A978AB7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{6EA40374-4357-488F-A685-E6E14E7DFF63}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{7B1C0A77-887C-45A2-8746-3EA947F24CD3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{843A18EA-381A-49A0-B05A-7D2B7136037B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8819BADE-8087-4605-A3A2-D11620047CA1}" = lport=139 | protocol=6 | dir=in | app=system |
"{93A871C6-9B87-4389-99B3-8C70CD345477}" = rport=137 | protocol=17 | dir=out | app=system |
"{ABA15E07-8138-44E7-8CE6-F21F9407705B}" = lport=445 | protocol=6 | dir=in | app=system |
"{B057ABF3-8DED-4CFB-9618-82B898F3B0B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BCCDF3CD-8371-4DA2-B38A-05E6BA0BFB7C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C2200AA0-1597-4213-842B-B0520E72C2B0}" = lport=137 | protocol=17 | dir=in | app=system |
"{C4F900F4-D2AD-4F24-AD99-77A41683DBFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC2738C4-2675-43C7-A00E-82CADF6B327C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CFD5D7C3-8750-4824-B8B6-03A7E06240E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D8EEF681-AEC7-4217-908F-C14112631B61}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB73D95D-FEEA-4616-8AB3-C15A3BE137A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC1E133E-44E6-41DC-A009-8BD892A626B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE81AA8A-3BBB-4119-B96F-0EE86FA15720}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F6237E33-4BA0-456C-870C-072AFB85BF07}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0639A51D-B0F3-46AE-8F15-3778B5D61DCB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{0704B57D-15AA-459D-AAED-9EE3B38499B1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{16A74A52-B001-4549-A39C-F9D5E6A23A3F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17B60043-55A1-436C-B5FD-D6594F282E13}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2BBA5775-8708-4A99-90BD-A4C65FA00140}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2DE635BE-F441-42C6-A413-5B00BA5F1354}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{354DD586-035E-4778-B78B-1E32C1AAEEF8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{3A95487B-1DEA-40DB-BEB1-741EC4E89D10}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe |
"{3BD4CDA8-FAF2-472C-964D-0EEEC2676417}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{42CD51D1-8365-4652-BA41-1E7EC2E4DECC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{43EB54F4-54D7-4DEC-ADED-8D1DE67B5492}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe |
"{489C49EC-61C0-4995-8D58-3A0FA5F905B9}" = protocol=17 | dir=in | app=c:\program files (x86)\filevoom pro\filevoom.exe |
"{4F236203-47C7-4D3E-801D-71195F936C77}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1332206751\ee\aolsoftware.exe |
"{4FCB60A0-F713-49CD-B351-F91A936E8379}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50108E46-82F1-4A53-82FC-CD0EDF3B396D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52D8891E-1C0E-4E1A-958B-EE7EB5CAC62E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6051CC4F-568F-4F1C-A955-1395C138D731}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{6332A1AA-12DD-44C5-A9D4-026FEA75D873}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{667A9AB7-F1EB-4EB6-AB2A-6B213FB1F167}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{692A7111-2C44-4D43-8940-0337AE6DBF33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A537724-74AD-4574-8E1E-155C59AD062C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{747F59FC-353F-4F08-827F-DDA4DEE9A90F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{7EF93CB4-E114-4BE2-AB10-00B98E74A2B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F376C76-BCE9-4D1D-BEE2-F5D0B95E490B}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe |
"{80515343-836D-46D2-AE51-680FF7EF7525}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{83570C5F-6045-4369-A579-78ED326B4C3B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8B38813B-0D48-4F1C-8064-C7FA2309A0E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CFC1EFF-0AB3-4D79-BBE1-F50E52116350}" = protocol=6 | dir=out | app=system |
"{9AF762F5-8AFB-43E7-BD39-58A6F1E91D68}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A11D9776-F3E3-4629-9E05-37626CECCA37}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A68E6662-BC10-456C-9B52-F37D812910B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A870CEF2-5D76-4953-BE75-2195FE387880}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{AF095DD3-557B-4EBA-81EF-F02F6DBA2BC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6E924EF-2FDF-44B2-9768-3E81BC45DD2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9929A80-9655-4580-8DC7-FAF781A78BCE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B9CB1583-3DB1-4D79-9CE9-AFB7A546614A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BB643B37-C581-48E1-B345-5CD4875B4185}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C501DA9E-9BA5-495C-BABD-9EC87B617F50}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{D708790A-BBE7-4ED4-8C3D-4FBC2C02FC52}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{E57CD946-6224-4E5C-86CE-B098B80E6825}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5A9923D-4B75-449C-86BF-493537D4AF09}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5EB5B76-3001-40DD-8E6B-E2D9C44DD669}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{ECE0C3FC-6968-40FA-B5A4-5345AFA96A66}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{F08B5FAF-BA90-477D-A399-B6A2D8AB41A3}" = protocol=6 | dir=in | app=c:\program files (x86)\filevoom pro\filevoom.exe |
"{F12861E9-C776-418E-BB24-45FBF74A6F25}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1332206751\ee\aolsoftware.exe |
"{F4380204-A043-4B80-AB18-7122CDCD6A93}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{F5894AF5-30FF-4663-BDD9-8EC36EE4F00C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{F5C7005F-6B2E-42C0-AD8A-132C4F812E3E}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe |
"{F8AE0E66-312A-4FC0-8A29-A1837C4652B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FBE53244-3860-4CAD-8101-EDEB920770C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD35042C-96D5-4049-88DF-FC022120EC63}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{171BC611-B074-4524-86DD-068AE3AD93BE}" = Carbonite Mirror Image: Carbonite Mirror Image (64 bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Internet Security 2012
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{E76A136D-3A4F-40AA-BBDA-D682FCC8C90D}" = Intel(R) Network Connections 17.0.200.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bitdefender" = Bitdefender Internet Security 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel(R) Network Connections 17.0.200.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240D41CC-4C54-4287-8308-420F41BD24C6}" = Auction Sentry
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B78F6F9-5C63-45AB-ABFD-DDB7946E4C39}" = Ant.com IE add-on
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C636DA96-D053-4D49-96D9-C8850A43EB99}_is1" = BidFellow version 2.5.0.0
"{D50AD12E-4EDC-48D4-992C-A74B2FBE05B3}" = PCsync
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Ant.com IE add-on" = Ant.com IE add-on
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Carbonite Backup" = Carbonite
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"FileVOoM Pro_is1" = FileVOoM Pro 2.5
"IP Camera" = IP Camera
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Photodex Presenter" = Photodex Presenter
"ProShow Gold" = ProShow Gold
"ViewpointMediaPlayer" = Viewpoint Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/8/2012 10:09:49 AM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/9/2012 1:57:08 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/9/2012 2:04:06 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/9/2012 2:05:00 PM | Computer Name = User-PC | Source = Software Protection Platform Service | ID = 1001
Description = The Software Protection service failed to start. 0x80070002 6.1.7601.17514

Error - 8/9/2012 2:08:09 PM | Computer Name = User-PC | Source = Software Protection Platform Service | ID = 1001
Description = The Software Protection service failed to start. 0x80070002 6.1.7601.17514

Error - 8/9/2012 2:09:46 PM | Computer Name = User-PC | Source = Software Protection Platform Service | ID = 1001
Description = The Software Protection service failed to start. 0x80070002 6.1.7601.17514

Error - 8/9/2012 2:13:38 PM | Computer Name = User-PC | Source = Software Protection Platform Service | ID = 1001
Description = The Software Protection service failed to start. 0x80070002 6.1.7601.17514

Error - 8/9/2012 3:11:55 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/9/2012 11:19:46 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/9/2012 11:36:15 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/9/2012 11:34:57 PM | Computer Name = User-PC | Source = DCOM | ID = 10005
Description =

Error - 8/9/2012 11:34:58 PM | Computer Name = User-PC | Source = DCOM | ID = 10005
Description =

Error - 8/9/2012 11:34:58 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/9/2012 11:34:58 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/9/2012 11:34:58 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/9/2012 11:34:58 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/9/2012 11:34:58 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/9/2012 11:34:58 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/9/2012 11:36:41 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1068

Error - 8/9/2012 11:38:18 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068


< End of report >
  #5  
Old August 10th, 2012, 05:44 AM
Hazmat1234 Hazmat1234 is offline
Senior Member
 
Join Date: Oct 2004
Posts: 101
When running Gmer, scan completes and a window pops up and says "Gmar hasn't found any system modification"? Does not create a log??

Last edited by Hazmat1234; August 10th, 2012 at 02:31 PM.
  #6  
Old August 10th, 2012, 05:45 AM
Hazmat1234 Hazmat1234 is offline
Senior Member
 
Join Date: Oct 2004
Posts: 101
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-09 21:11:04
-----------------------------
21:11:04.748 OS Version: Windows x64 6.1.7601 Service Pack 1
21:11:04.748 Number of processors: 4 586 0x1E05
21:11:04.748 ComputerName: USER-PC UserName: User
21:11:05.965 Initialize success
21:17:31.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
21:17:31.364 Disk 0 Vendor: WDC_WD10EALX-089BA0 15.01H15 Size: 953869MB BusType: 3
21:17:31.380 Disk 0 MBR read successfully
21:17:31.380 Disk 0 MBR scan
21:17:31.380 Disk 0 Windows 7 default MBR code
21:17:31.380 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:17:31.395 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
21:17:31.411 Disk 0 scanning C:\Windows\system32\drivers
21:17:35.529 Service scanning
21:17:45.622 Modules scanning
21:17:45.622 Disk 0 trace - called modules:
21:17:45.638 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:17:45.654 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049f6060]
21:17:45.654 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800396de40]
21:17:45.654 5 ACPI.sys[fffff88000f2d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800478c060]
21:17:45.654 Scan finished successfully
21:18:14.139 Disk 0 MBR has been saved successfully to "C:\DDR\Data Doctors\MBR.dat"
21:18:14.139 The log file has been saved successfully to "C:\DDR\Data Doctors\aswMBR.txt"
  #7  
Old August 11th, 2012, 12:40 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Nothing too outright bad in that, though you will want to uninstall that Itibiti RTC aggressive adware program.

The log shows you ran ComboFix recently enough (not recommended unless addressing issues in threads like this). Please post the C:\ComboFix.txt for review.
  #8  
Old August 11th, 2012, 01:47 AM
Hazmat1234 Hazmat1234 is offline
Senior Member
 
Join Date: Oct 2004
Posts: 101
Thanks for all your help...

How would I go about "uninstall that Itibiti RTC aggressive adware program"?

Here is the Combofix txt..

ComboFix 12-08-09.01 - User 08/09/2012 12:03:06.3.4 - x64 DSREPAIR
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2212 [GMT -7:00]
Running from: c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JASZRE1R\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 19:08 . 2012-08-09 19:08 -------- d-----w- c:\users\Shelby\AppData\Local\temp
2012-08-09 19:08 . 2012-08-09 19:08 -------- d-----w- c:\users\HP_Administrator\AppData\Local\temp
2012-08-09 19:08 . 2012-08-09 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 18:02 . 2012-08-09 18:02 -------- d-----w- c:\windows\system32\25DB~1
2012-07-31 22:36 . 2012-07-31 22:36 -------- d-----w- c:\users\User\Old data2
2012-07-30 00:59 . 2012-07-30 00:59 -------- d-----w- c:\program files (x86)\AVG
2012-07-30 00:56 . 2012-07-30 00:56 -------- d--h--w- c:\programdata\Common Files
2012-07-30 00:55 . 2012-07-31 21:15 -------- d-----w- c:\programdata\MFAData
2012-07-26 23:30 . 2012-07-26 23:30 -------- d-----w- c:\windows\Sun
2012-07-24 07:00 . 2012-07-25 18:44 -------- d-----w- c:\users\User\NETGEARGenie
2012-07-24 07:00 . 2012-07-24 08:15 -------- d-----w- c:\users\Administrator
2012-07-24 06:35 . 2012-07-24 06:35 -------- d-----w- c:\users\User\FI8910W 11.37.2.46
2012-07-23 21:40 . 1999-12-17 17:13 86016 ------w- c:\windows\unvise32.exe
2012-07-11 10:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 22:25 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 13:45 . 2012-04-05 16:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 13:45 . 2012-01-18 21:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 10:01 . 2011-09-08 18:39 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-02 22:19 . 2012-06-21 13:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 13:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 13:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 13:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 13:29 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 13:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 13:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 13:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 13:29 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_21.33.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-08-09 19:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-31 21:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-31 21:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-09 19:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-09 19:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-31 21:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-31 21:36 28390 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-09 19:14 30786 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-08 18:11 . 2012-08-08 14:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-08 18:11 . 2012-07-30 01:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-08 18:11 . 2012-07-30 01:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-08 18:11 . 2012-08-08 14:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-30 01:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 14:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-08 14:01 95712 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-05 01:51 . 2012-07-31 21:50 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-10-20 19:45 . 2010-10-20 19:45 29528 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\THOCRAPI.DLL
+ 2010-10-20 22:43 . 2010-10-20 22:43 19328 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\SPWADDTO.DLL
+ 2010-10-20 22:43 . 2010-10-20 22:43 11136 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\SPWADDIT.DLL
+ 2010-10-20 22:43 . 2010-10-20 22:43 13696 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\SPWADDIF.DLL
+ 2010-10-20 22:43 . 2010-10-20 22:43 42880 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\SPWADDDS.DLL
+ 2010-10-20 22:43 . 2010-10-20 22:43 46976 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\SPWADDDA.DLL
+ 2011-03-02 15:50 . 2011-03-02 15:50 48504 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\PUBTRAP.DLL
+ 2010-12-21 07:29 . 2010-12-21 07:29 82848 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\PEOPLEDATAHANDLER.DLL
+ 2010-10-20 22:04 . 2010-10-20 22:04 15776 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\OMUOPTINPS.DLL
+ 2010-10-20 22:05 . 2010-10-20 22:05 20880 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MUOPTIN.DLL
+ 2011-03-12 00:47 . 2011-03-12 00:47 15248 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSOCFUIU.DLL
+ 2011-03-12 00:46 . 2011-03-12 00:46 18832 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSOCFU.DLL
+ 2010-10-23 00:14 . 2010-10-23 00:14 61832 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSAEXP30.DLL
+ 2010-10-20 22:43 . 2010-10-20 22:43 18816 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\INTMAPI.DLL
+ 2010-10-20 22:43 . 2010-10-20 22:43 11648 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\INTGMAT.DLL
+ 2010-12-21 09:54 . 2010-12-21 09:54 93576 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACCOLK.DLL
+ 2011-09-08 18:23 . 2012-08-09 19:14 8112 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2294860257-268734865-81461914-1000_UserData.bin
+ 2012-08-09 18:00 . 2012-08-09 19:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-31 21:32 . 2012-07-31 21:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 18:00 . 2012-08-09 19:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-31 21:32 . 2012-07-31 21:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-03 13:45 . 2012-08-03 13:45 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
+ 2012-08-03 13:45 . 2012-08-03 13:45 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.dll
- 2012-04-05 16:44 . 2012-07-27 08:45 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-05 16:44 . 2012-08-03 13:45 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-07-14 02:36 . 2012-07-31 21:23 624018 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-09 18:09 624018 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-31 21:23 106394 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-09 18:09 106394 c:\windows\system32\perfc009.dat
+ 2012-08-03 13:45 . 2012-08-03 13:45 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.exe
+ 2012-08-03 13:45 . 2012-08-03 13:45 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.dll
- 2009-07-14 04:45 . 2012-07-11 10:20 414656 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-07-31 21:54 414656 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:01 . 2012-07-31 21:32 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-09 17:59 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-05 01:51 . 2012-07-31 21:18 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 470616 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 470616 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2012-07-31 21:43 . 2012-07-31 21:43 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2012-04-06 10:01 . 2012-04-06 10:01 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2010-10-20 19:45 . 2010-10-20 19:45 134024 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\TWCUTCHR.DLL
+ 2010-12-28 06:13 . 2010-12-28 06:13 524176 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\SOA.DLL
+ 2010-12-21 08:02 . 2010-12-21 08:02 521616 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\SELFCERT.EXE
+ 2011-03-03 03:52 . 2011-03-03 03:52 608120 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\PUBCONV.DLL
+ 2011-03-03 03:52 . 2011-03-03 03:52 647552 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\PTXT9.DLL
+ 2010-12-21 07:39 . 2010-12-21 07:39 139136 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\PRTF9.DLL
+ 2010-12-21 08:09 . 2010-12-21 08:09 259960 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\OISGRAPH.DLL
+ 2010-12-21 08:09 . 2010-12-21 08:09 886640 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\OISAPP.DLL
+ 2010-12-21 08:09 . 2010-12-21 08:09 274280 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\OIS.EXE
+ 2011-03-02 14:20 . 2011-03-02 14:20 169864 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\OARPMANY.EXE
+ 2010-10-20 22:05 . 2010-10-20 22:05 702312 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSTORDB.EXE
+ 2010-12-21 09:29 . 2010-12-21 09:29 218976 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSPROOF6.DLL
+ 2010-12-21 08:02 . 2010-12-21 08:02 501600 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSODCW.DLL
+ 2011-03-12 00:47 . 2011-03-12 00:47 152952 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSOCF.DLL
+ 2010-12-21 09:29 . 2010-12-21 09:29 787864 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSET7TKJP.DLL
+ 2010-12-21 09:43 . 2010-12-21 09:43 512392 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSET7TK.DLL
+ 2010-12-21 09:43 . 2010-12-21 09:43 543144 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSET7.DLL
+ 2011-01-07 17:38 . 2011-01-07 17:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSCONV97.DLL
+ 2011-03-03 03:52 . 2011-03-03 03:52 457616 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MORPH9.DLL
+ 2010-10-20 20:35 . 2010-10-20 20:35 571232 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MISC.EXE
+ 2010-10-20 22:05 . 2010-10-20 22:05 698216 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MEDCAT.DLL
+ 2010-11-19 23:11 . 2010-11-19 23:11 964480 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\LOBIOBDR.DLL
+ 2010-10-20 23:28 . 2010-10-20 23:28 567168 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\LOBICLNR.DLL
+ 2010-10-23 01:56 . 2010-10-23 01:56 447872 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\LOBICLI.DLL
+ 2010-11-19 23:11 . 2010-11-19 23:11 518016 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\LOBIBDCR.DLL
+ 2010-10-20 22:04 . 2010-10-20 22:04 178560 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\IETAG.DLL
+ 2011-02-12 07:49 . 2011-02-12 07:49 944520 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\GROOVEMN.EXE
+ 2010-10-20 23:08 . 2010-10-20 23:08 115584 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\EMABLT32.DLL
+ 2010-12-21 07:26 . 2010-12-21 07:26 519584 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\DWTRIG20.EXE
+ 2010-12-21 08:01 . 2010-12-21 08:01 210296 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\CLVIEW.EXE
+ 2010-12-28 07:50 . 2010-12-28 07:50 397144 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\CDLMSO.DLL
+ 2010-10-20 19:48 . 2010-10-20 19:48 998776 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ASMAIN.DLL
+ 2010-10-20 19:48 . 2010-10-20 19:48 100792 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ASLTS.DLL
+ 2010-12-28 07:51 . 2010-12-28 07:51 247200 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACEWSS.DLL
+ 2010-10-20 23:36 . 2010-10-20 23:36 164224 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACCWIZ.DLL
+ 2010-10-20 19:50 . 2010-10-20 19:50 129408 c:\windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.6029\FPLACE.DLL
+ 2012-07-31 22:02 . 2012-07-31 22:02 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f4d304fcbfda323997083a1f88b83719\WindowsFormsIntegration.ni.dll
- 2012-06-14 10:34 . 2012-06-14 10:34 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\f4d304fcbfda323997083a1f88b83719\WindowsFormsIntegration.ni.dll
+ 2012-07-31 22:01 . 2012-07-31 22:01 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
- 2012-06-14 10:35 . 2012-06-14 10:35 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
+ 2012-01-18 19:34 . 2012-08-09 17:59 1759220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2294860257-268734865-81461914-1000-12288.dat
- 2012-04-05 01:51 . 2012-07-31 21:18 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2012-04-05 01:51 . 2012-07-31 21:18 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-04-05 01:51 . 2012-07-31 21:50 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-03-19 06:03 . 2011-03-19 06:03 5463896 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\WRD12CNV.DLL
+ 2010-10-20 20:35 . 2010-10-20 20:35 1858400 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\WORDICON.EXE
+ 2010-10-20 19:45 . 2010-10-20 19:45 1199008 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\WKCONV.EXE
+ 2011-03-19 05:59 . 2011-03-19 05:59 1422680 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\WINWORD.EXE
+ 2010-12-21 08:15 . 2010-12-21 08:15 1041248 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\UMOUTLOOKADDIN.DLL
+ 2010-12-28 07:51 . 2010-12-28 07:51 2832792 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\STSLIST.DLL
+ 2010-10-28 23:33 . 2010-10-28 23:33 1100152 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\SETUP.EXE
+ 2011-09-02 07:35 . 2011-09-02 07:35 3792736 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\PPTICO.EXE
+ 2011-08-30 04:36 . 2011-08-30 04:36 2162024 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\POWERPNT.EXE
+ 2010-12-21 08:08 . 2010-12-21 08:08 5790056 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\OSETUP.DLL
+ 2010-12-28 04:31 . 2010-12-28 04:31 1177968 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ONFILTER.DLL
+ 2011-03-02 15:43 . 2011-03-02 15:43 7278976 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\OFFOWC.DLL
+ 2010-12-21 09:45 . 2010-12-21 09:45 6629808 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\NL7MODELS0011.DLL
+ 2010-12-21 09:43 . 2010-12-21 09:43 2460080 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\NL7LEXICONS0011.DLL
+ 2010-12-21 09:30 . 2010-12-21 09:30 7467440 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\NL7DATA0011.DLL
+ 2011-04-07 04:09 . 2011-04-07 04:09 9773416 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSPUB.EXE
+ 2010-10-20 19:48 . 2010-10-20 19:48 2182040 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ASSAPIFE.DLL
+ 2010-10-20 20:35 . 2010-10-20 20:35 1449312 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACCICONS.EXE
+ 2012-07-31 22:00 . 2012-07-31 22:00 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
- 2012-06-14 10:34 . 2012-06-14 10:34 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
+ 2012-08-07 23:00 . 2012-08-07 23:00 23800320 c:\windows\Installer\24105d3f.msi
+ 2011-03-19 05:59 . 2011-03-19 05:59 19389784 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\WWLIB.DLL
+ 2011-03-19 06:04 . 2011-03-19 06:04 13996384 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSACCESS.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-05-09 06:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-05-09 06:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-05-09 06:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office14\GROOVEMN.EXE" [2011-02-12 944520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HostManager"="c:\program files (x86)\Common Files\AOL\1332206751\ee\AOLSoftware.exe" [2010-03-08 41800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-05-09 1061520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-18 79952]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-03 33736]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-08 1255736]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-21 691896]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-20 103944]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-27 203776]
S2 AntUpdaterService;Ant Toolbar updater service;c:\program files (x86)\Ant.com\IE add-on\AntUpdaterService.exe [2011-06-29 520216]
S2 Carbonite-Mirror-Image-Svc;Carbonite Mirror Image Backup Service;c:\program files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [2012-05-05 3168256]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-10 189608]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-14 66096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-27 9085952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-27 299520]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-05-09 06:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-05-09 06:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-05-09 06:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-07 10810912]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.6:8090/codebase/DVM_IPCam2.ocx
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe
.
**************************************************************************
.
Completion time: 2012-08-09 12:16:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-09 19:16
ComboFix2.txt 2012-07-31 21:37
.
Pre-Run: 776,483,143,680 bytes free
Post-Run: 776,508,350,464 bytes free
.
- - End Of File - - BE5B7DB484F956C0F5087F79D39A3090
Reply With Quote
  #9  
Old August 11th, 2012, 01:59 AM
Hazmat1234 Hazmat1234 is offline
Senior Member
 
Join Date: Oct 2004
Posts: 101
..

Last edited by Hazmat1234; August 11th, 2012 at 02:27 AM.
Reply With Quote
  #10  
Old August 12th, 2012, 02:15 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Really not much in that either. That Itibiti should show in Control Panel - Uninstall/Programs and Features, where you can just double-click it to uninstall. So we have not yet addressed this:

Quote:
Rebooted computer and found that the desktop was loaded with all kinds of files. Browser is blank and when I went to look for an earlier restore point, it says system protection is off and no link to turn it back on?
Can you provide more detail on those issues please?
Reply With Quote
  #11  
Old August 13th, 2012, 10:52 AM
Hazmat1234 Hazmat1234 is offline
Senior Member
 
Join Date: Oct 2004
Posts: 101
I don't see Itibiti in the Control Panel. As far as all the files on the desktop, I ended up deleting them all and sending them to the recycle bin. I'm holding them there for a while to make sure there aren't any issues. I deleted a total of 429 items, mostly Adobe font files and pics.

As far as the system restore, I think I read that Windows 7, running 64 bit, does not give you this option?? I am now able to redirect the browser back to Google. Before, it would list blank in the control panel, and when I changed it to Google it would revert back to blank.
Reply With Quote
  #12  
Old August 14th, 2012, 01:52 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
No, I have never heard of any Windows versions since ME not having System Restore available.

Just a mention - the desktop is like human skin, so it needs to more or less breathe, and be free of things that interfere with that. And it's also just a folder in the user's files. You really need to have only shortcuts on the desktop, with any folders/files stored elsewhere. That may be part of the issues there. Sounds like you exceeded the limit at least for thumbnail/shortcut icon views.


For ititibiti (or however it is spelled), go to Start Search and type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each (type the MsiExec line without surrounding quotes, otherwise cmd treats the whole line as a single program name and fails to find it):

cd\

MsiExec.exe /I{730E03E4-350E-48E5-9D3E-4329903D454D}


I read that last script as an install, though it shows as the uninstaller. Be sure to have it remove everything. Then in the Command Window, type exit and press Enter to close the window.

----------

ComboFix shows Registry keys locked out from user access, which is very atypical for legit program functions. Removing the restrictions usually does not affect much in any obvious way, but may help in other areas. These entries web search as showing mostly recent activity.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
Reply With Quote
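The RegLock:: list in the post above was assembled by hand from the "@Denied" lines in the ComboFix log. The following is an added example, not part of the thread and not ComboFix's own code, that does the same triage mechanically: it parses a ComboFix-style registry dump, collects every key carrying an @Denied entry together with the denied mask and principal, drops the keys the analyst decides to leave alone, and emits the CFScript text in the format shown in the post. The log excerpt embedded below is constructed to match the layout of the dump posted above; the exclusion prefixes reproduce the selection made in the post (the Flash COM keys and the PCW\Security key were not included in RegLock::) and are an assumption about that choice, not a rule from ComboFix.

```python
"""Extract @Denied registry keys from a ComboFix log and draft a CFScript RegLock:: section.

Added example for this thread (not ComboFix's own tooling). The sample log below is
constructed in the format ComboFix uses: a bracketed key header, value lines, and a
lone "." separating entries.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample log, mirroring the dump posted above (same keys, same @Denied lines).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
"""

# Assumed exclusion list: reproduces the post's choice to leave the Flash COM
# registrations and the PCW\Security key out of RegLock::. Which locked keys are
# benign is the analyst's call; adjust per case.
EXCLUDE_PREFIXES: Tuple[str, ...] = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security",
)

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied:\s*\((?P<mask>[^)]*)\)\s*\((?P<who>[^)]*)\)$")


def parse_denied_keys(log_text: str) -> Dict[str, Tuple[str, str]]:
    """Return {registry key: (denied mask, principal)} for every @Denied entry.

    Keys are kept in log order so the generated script matches the dump.
    """
    denied: Dict[str, Tuple[str, str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            continue
        denied_match = DENIED_RE.match(line)
        if denied_match and current:
            denied[current] = (denied_match.group("mask"), denied_match.group("who"))
    return denied


def select_keys(denied: Dict[str, Tuple[str, str]], exclude_prefixes: Iterable[str]) -> List[str]:
    """Drop keys the analyst has decided to leave locked (prefix match, case-insensitive)."""
    prefixes = tuple(p.lower() for p in exclude_prefixes)
    return [k for k in denied if not k.lower().startswith(prefixes)]


def build_cfscript(keys: List[str]) -> str:
    """Emit the CFScript text in the form used in the post: KillAll:: then RegLock::."""
    lines = ["KillAll::", "RegLock::"] + [f"[{k}]" for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_denied_keys(SAMPLE_LOG)
    for key, (mask, who) in found.items():
        print(f"{mask:>5} denied to {who:<9} {key}")
    print()
    print(build_cfscript(select_keys(found, EXCLUDE_PREFIXES)), end="")
```

Feed it a saved copy of C:\ComboFix.txt rather than text copied from the forum page: the board's word-wrapping inserted a space into long key names in the posted log ("CL SID", "PC W\Security"), and a RegLock:: line with a mangled key name will simply not match anything on the machine.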