locked
Help! The hackers hacked, adware added, horses were definitely Trojan and I would seem to have possibly finished the job due to ignorance

  • Question

  • I've posted the larger of the logs below and have the other for whenever someone who's willing to take pity on me needs it. I also have earlier versions if that would help. I've been saving logs like crazy since last night. So, in a nutshell, the subject line above pretty much covers it. It's a long story, so in the interest of brevity I will say simply that our website was apparently hacked, the host didn't care and said it was our issue, my biz partner (as my computer lay dying on Vista) installs Win7 (plus a new HD! Yay!), all seems well, but wait...Graboid gave me a virus, though they claim it's not theirs...though on the last three major tech issues with them, I've been right from the beginning and they...well...weren't -- happy. Virus was made worse by the apparent and accidental activation of a Trojan (and a few of them Rooty Kit thangs) that were hiding in my downloaded and stored copy of our SQL site database when I moved to our new host, by what appears to have been a move to my second HD. The worst thing? I paid money for Vipre and more to upgrade to Pro and get the firewall...and it never saw a thing, except the occasional innocuous cookie or two. It took the Graboid tech guy (in my system on a remote house call) to download a couple of new anti-malware programs and suggest a new firewall (all have free versions, though I've now paid something for one of them (lifetime for $20? Why not?)) and I've paid for a couple of system-keeping programs as well, and I've downloaded, or had one suddenly upgrade and add a feature on me, six...yes, that's six more anti-malware programs. Why? Because they all caught something different, even when I would run the scans back to back with the wireless card turned off. They all found something different, aside from continued browser hijacking (installed even more new stuff on Firefox to stop that, and that stuff conflicts with sites I need like AOL mail and...well...here).

    Oh, and did I mention that for at least two months I haven't been able to get Windows Update to work? Can't even go in through the site...I get the old "the server reset...try again" routine every time. Which is more than what the version in Windows told me...it just said it was stopped and threw a code at me (which took me a while to find at the support site). The last time I got updates, I was able to get on the site and had to download them one at a time and install them. It was a pain, but at least I got 'em. And the ones I missed? Of course they dealt with remote access, which is part of what happened to me, I know. Guess they didn't want me getting the updates and locking them out. Though why in the world they are so interested in broke me, I have no idea. All of my personal accounts have been fine and still are...and they're pretty much empty anyway, so it's not money. My identity perhaps? That's not gonna get them very far either these days. No credit in my name! But I digress, and I believe I was supposed to be keeping this short...but hey, it's just not that short of a story.

    Ok, so the Graboid dude said the OS was too far gone by the virus and I needed to just reinstall. Well, I knew it was something obvious and that there was still something hiding on there. I could have installed again and started back where I was just this April all over again with reinstalling everything and getting it all back in shape (and I hate moving files back and forth all the time, and my files can be large, especially all in folders...so it takes a while. A while when I can't watch my TV (I use the internet, no cable here) or do...oh...anything really.) Ok...moving on...so Graboid says reinstall, but I said, "not so fast." I installed AVG 9 (great, BTW, at first...until it takes over your system and you can't shut it down and it's multiplying like a jar of Wesley's nanites! I know, it's tech, I had to do it once), and AVG is the one program that found the culprit.

    At least, the one that was causing Graboid to crash as soon as it loaded. It was a phony LSP, called lsp461D.dll, and it had duplicated each point of access to the web and I didn't know since it was in System32 and used svchost (I hate that little piece of Windows...it's not a friendly little bus driver, and until I needed to find additional software to get them to reveal just what they were doing so much and fast, I had no clue how to find out). So, LSP is gone, Graboid's working, I'm doing the happy dance! That's when the browsers keep finding themselves hijacked...more and more. Well, there must be something else, something I haven't found yet (or the 7 different anti-malware-seeking-supposedly-death-on-their-virtual-wheels-to-anyone-who-dares-cross-me-or-my-computer). So I randomly begin scanning with different ones and try to keep them up to date. Last week, AVG had to go...the adware cookies that were in my...Windows temp folder I believe it was, and they would not, could not, refused to be deleted or even quarantined...so daddy's around somewhere, protecting his little annoyances...and annoying is right; if it wasn't them hijacking my browser, it was freaking AVG constantly popping up a window with a threat warning. I would tell it to remove them, the screen showed that it didn't do anything but it would go off and then pop right back up. So, here is when I think I began to be the proverbial nail, completely clueless to the hammer made of bytes and silicon wrapped in a heavy composite shell that was about to stealthily creep up behind me and conk me clean on the head. And the hand holding that hammer? Windows 7. More specifically...the ownership rules of Windows 7 folders (especially like...system folders) and the very, very, very angry registry that it ticked off. And I had been so good to my registry.

    I hate pieces and parts of programs I didn't want anymore hanging around, so I had Iolo System Mechanic (and its trusty monitoring gadget) and since this all started, even added Uniblue's registry cleanup...had CCleaner, but forgot I did until yesterday when it was suddenly the only software that worked on the registry that I could get to launch. Yes...within the past week I've...confused...the permissions on certain folders (Windows and Winsys...and maybe another one...I'm not sure, it was all a blur). In my defense, it started with those darn adware boogers. I had to change the folder view just to see the folder where they were, then I had to alter the permission on it so I could get in there manually and take 'em out...then they wouldn't delete or anything...they would just come back...over and over again like ants that won't die and are insisting on ruining what would've been a very nice meal otherwise. So I changed a permission on one, deleted it...it worked...but there were too many...so I made the folder propagate and even though it warned me...I hadn't really altered that much...I had taken ownership but SYSTEM still had its privileges...and so did TrustedInstaller...who didn't show up when I looked at the various groups and who was in them...so, knowing someone had been in my system...repeatedly...I began to look for folder permissions and user names that didn't seem to be quite right. But...I, who usually have a great deal of common sense...allowed my common sense to temporarily become intermingled and momentarily indistinguishable from the "I-know-what-I'm-doing-I-have-great-common-sense" ignorant moron part of me, and I just thought I would be clear on how I adjust the permissions and since they're already linked to parent and sibling folders and files...why not keep 'em that way.

    But then you have the ones where access is denied and they can't be changed, and those areas where the rule was different but I didn't know because I was impatient and tired of fixing my computer so I didn't want to take the time to find certain then-helpful -- now, not so much -- information. Oh, but first, the device manager had lost the right driver for my main drive apparently before permissions became an issue and it thought my main drive (500GB) was my SD card slot (where I have an 8 gig card with half on ReadyBoost). But everything still worked correctly...hmmmm. As of a day before my disastrous folly, the device manager was not seeing hardware correctly or finding and installing the drivers correctly. I'm assuming this was caused by the at least one person who likes to get into my computer and play around (maybe they like my ____...who knows). So...the funny thing? I was working on trying to find a way to roll back to an earlier restore point than those offered, because, believe it or not, in the permissions and turning off services...like almost all of them while connected to the internet (I forgot to mention that one, didn't I? Just before I did the permissions thing...yeah.) Lack of sleep and at least three months of constant stress from your computer and from work, etc...you make some...not so good decisions at 4am for the third night in a row because you've become obsessed with solving the riddle before you and really don't want to have to get all those programs and install them again...and can you tell last night was now night three in this run and it was a doozy. So...in the midst of permission-gate, I actually managed to find and destroy the culprit that was hiding and controlling from the shadows. Actually, it was the newest piece of installed anti-virus, real-time protection software I only just installed like two days ago when this...stuff...hit the maniacally spinning hard drive disk, which sent it spinning into the ether.

    Let's just hope it doesn't land somewhere where it could cause an international incident. It was really spinning these last couple or three days. So, I found the virus that was protecting and controlling the adware and making my life a not-too-happy part of crazy-time. So...really didn't want to roll back to the only earlier restore point I had prior to the permission issues and such. That little guy would've been back...and I may not have found it again. It had already disguised itself, cleverly, as the supposed Uninstall.exe file for my Contour for Windows program. Avast found it...revealed its true nature, then informed me that a part of Windows wasn't on my system that should be. I can't remember its name at the moment (remember, pretty much no sleep), but it was a .bat file, that I do recall. And unfortunately, I can't get into Avast at the moment to pull up the log since, sadly, it was the first program to suffer being slowly eaten away out of existence by a system that was doing nothing but finding what parts it had when it was about two months younger and less disease-ridden. You know, like the "Nothing" in Fantasia or the warp bubble Beverly was trapped in in that TNG episode? Funny, I think I can understand a bit better how those characters were feeling now. It wasn't me, personally, being taken out of this world bit by bit and byte by byte, but Avast was the only one who found that hiding little........and now, he was gone. Sucked down into the now ever-increasing size and complexity of what was once my Windows 7 registry as it grew and grew exponentially as a side effect of my OS trying to put itself back in time two months, and my initially amazed self that the first reboot seemed to make my system work better than it has in...oh...two months or so. But, like the viruses (viri?) and digital billboards that once infested another part of its body; the ironic thing is that the very part of its little silicon, composite and plastic body that's responsible for turning back time and making us both feel so much better (at first, for like maybe an hour until I realized...oh!)...would become, itself, a type of virus...nay...a cancer that would bring about its final demise.

    Ok...sorry, I had to get it out and why not have some fun with it...right? I hope someone can make sense and help me stop the propagation of little registry bugs throughout my main drive. Oh...you don't think they would.... No, they couldn't. They can't jump drives, can they? Or start spreading through the internet, devouring other people's registries, making their programs slowly vanish into oblivion (I mean really, where do the missing pieces just vanish to? They should be there, just in another folder...what's now the wrong folder that's buried several folders deep...so why can't you just do a search for it and find it? It's because the cancerous registry is just that powerful.) And...be afraid. Be very afraid. LOL! Would you guess I'm a writer? And other major roles in the entertainment area of...entertainment, and so, you see, this laptop and I are very close and I'm not feeling the desire or desiring the need to train and get to know another one. That's what it is, you know. Like Doctor Who. A new personality every time. And I really liked this one. I hated the Vista one. No offense, she was a...well, you know what I mean. Looking forward to making miracles happen! He's in safe mode with networking at the moment (and a few things turned on that usually wouldn't be, like sound...because I really do need my computer and I don't dare boot it up normally. I mean, my god, the registry would become like...The Blob or something...growing even faster once you feed it more radiation (or in this case processes that fuel the confusion and thus hasten the end)). Call me.

    Or, just reply here, I'll get the notification. "Reply to me" just doesn't have the same ring....no. ;-D

    Sincerely, A Flessas (as fed up and worried and over it all as I have been wordy in this post)

    However, due to my creative wordiness, I apparently have now run out of space in this post, therefore I will send the logs in a second post. Sorry about that.
    Saturday, September 25, 2010 5:55 PM

All replies

  • And now the moment you've been waiting for! My system scan reports. Here are the first two. It just did another one but I'll hold on that for now:

    DDS (Ver_10-03-17.01) - NTFSx86 DSREPAIR
    Run by Anthony at 23:21:26.93 on Fri 09/24/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2152 [GMT -7:00]

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\lxeecoms.exe
    C:\Windows\System32\snmptrap.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\IObit\IObit Security 360\is360.exe
    C:\Program Files\IObit\IObit Security 360\is360tray.exe
    C:\Program Files\IObit\IObit Security 360\is360srv.exe
    C:\Program Files\iolo\System Mechanic\SysMech.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\UnHackMe\hackmon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Anthony\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uStart Page = about:blank
    uSearch Bar =
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: iCu2 Toolbar: {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - c:\program files\icu2\tbiCu2.dll
    mURLSearchHooks: iCu2 Toolbar: {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - c:\program files\icu2\tbiCu2.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: iCu2 Toolbar: {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - c:\program files\icu2\tbiCu2.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Updater For ooVoo Toolbar: {442ae524-eba5-4b17-82f3-888d68bc999a} - c:\program files\oovootb\auxi\oovooAu.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
    BHO: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: iCu2 Toolbar: {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - c:\program files\icu2\tbiCu2.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    mRunOnce: [SMRequiresRestart]
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: S&end to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs:
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - Windows DreamScene
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\17aw50sc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\anthony\appdata\roaming\mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\windows\system32\npmirage.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-9-24 35816]
    R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-2-5 212520]
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2010-9-24 20392]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
    R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-8-27 78936]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-7-10 711352]
    R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-9-24 312152]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-6-14 69976]
    R3 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-12 257568]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-22 40384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe --> c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-22 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-22 40384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-4 29472]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-22 136176]
    S3 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2010-7-7 193192]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\windows\system32\osppsvc.exe --> c:\windows\system32\OSPPSVC.EXE [?]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-8-26 24416]
    S3 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-8-20 181584]
    S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-7-10 711352]
    S4 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-8-20 2763080]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    regfile=NOTEPAD.EXE %1
    scrfile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-09-25 04:52:19 0 d-----w- c:\program files\GRETECH
    2010-09-24 23:39:35 0 d-----w- c:\program files\Microsoft Games
    2010-09-24 23:33:21 0 d-----w- C:\inetpub
    2010-09-24 14:51:41 37600 ----a-w- c:\windows\system32\Partizan.exe
    2010-09-24 14:51:41 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2010-09-24 13:10:52 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
    2010-09-24 09:15:51 0 d-----w- c:\programdata\IObit
    2010-09-24 09:05:55 0 d-----w- c:\users\anthony\appdata\roaming\IObit
    2010-09-24 09:05:55 0 d-----w- c:\program files\IObit
    2010-09-24 07:35:22 170272 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-09-24 03:27:40 65 ----a-w- C:\AUTORUN.INF
    2010-09-24 03:27:40 39936 ----a-w- c:\windows\system32\HUFFYUV.DLL
    2010-09-22 21:27:00 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-22 21:26:26 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-22 21:26:23 0 d-----w- c:\programdata\Alwil Software
    2010-09-22 16:07:20 3536 ------w- C:\bootsqm.dat
    2010-09-22 13:09:56 0 d-----w- c:\program files\Western Digital
    2010-09-22 12:56:29 8960 ----a-w- c:\windows\system32\drivers\oxusb.sys
    2010-09-22 12:56:29 8064 ----a-w- c:\windows\system32\drivers\OxUSBLF.sys
    2010-09-22 12:56:29 303104 ----a-w- c:\windows\system32\1394_api.dll
    2010-09-22 12:56:29 17792 ----a-w- c:\windows\system32\drivers\OXUDIDRV_X32.sys
    2010-09-22 12:56:29 12672 ----a-w- c:\windows\system32\drivers\OxFWLF.sys
    2010-09-22 12:56:27 0 d-----w- c:\program files\Oxford Semiconductor
    2010-09-22 07:37:14 406161 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-09-20 17:22:13 65536 --sha-w- c:\users\anthony\ntuser.dat{d966702d-c4da-11df-b44d-806e6f6e6963}.TM.blf
    2010-09-20 17:22:13 524288 --sha-w- c:\users\anthony\ntuser.dat{d966702d-c4da-11df-b44d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
    2010-09-20 17:22:13 524288 --sha-w- c:\users\anthony\ntuser.dat{d966702d-c4da-11df-b44d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
    2010-09-20 00:27:01 65536 --sha-w- c:\users\anthony\ntuser.dat{9b6c3c5e-c447-11df-b1cc-00e0b8dbc4d7}.TM.blf
    2010-09-20 00:27:01 524288 --sha-w- c:\users\anthony\ntuser.dat{9b6c3c5e-c447-11df-b1cc-00e0b8dbc4d7}.TMContainer00000000000000000002.regtrans-ms
    2010-09-20 00:27:01 524288 --sha-w- c:\users\anthony\ntuser.dat{9b6c3c5e-c447-11df-b1cc-00e0b8dbc4d7}.TMContainer00000000000000000001.regtrans-ms
    2010-09-19 16:51:28 91 ----a-w- c:\users\anthony\appdata\roaming\netstat.bat
    2010-09-17 13:23:08 0 d-----w- c:\users\anthony\appdata\roaming\magicJackOutlookAddIn
    2010-09-16 21:02:16 65536 --sha-w- c:\users\anthony\ntuser.dat{7c5f7959-c1c7-11df-88bf-00e0b8dbc4d7}.TM.blf
    2010-09-16 21:02:16 524288 --sha-w- c:\users\anthony\ntuser.dat{7c5f7959-c1c7-11df-88bf-00e0b8dbc4d7}.TMContainer00000000000000000002.regtrans-ms
    2010-09-16 21:02:16 524288 --sha-w- c:\users\anthony\ntuser.dat{7c5f7959-c1c7-11df-88bf-00e0b8dbc4d7}.TMContainer00000000000000000001.regtrans-ms
    2010-09-16 20:00:47 0 d-----w- c:\program files\common files\xing shared
    2010-09-16 19:34:57 203776 ----a-w- c:\windows\system32\clrviddc.dll
    2010-09-16 16:59:30 0 ----a-w- c:\windows\system32\AASWC5-10383A-AB7F99
    2010-09-11 03:02:06 20 ----a-w- c:\windows\system32\SYSTEM
    2010-09-09 11:10:10 0 d-----w- c:\users\anthony\appdata\roaming\Uniblue
    2010-09-09 11:10:03 0 d-----w- c:\program files\Uniblue
    2010-09-09 00:15:54 376 ----a-w- c:\windows\ODBC.INI
    2010-09-06 02:25:34 0 d-----w- c:\programdata\Yahoo! Companion
    2010-09-05 16:01:41 0 d-----w- c:\programdata\avg9
    2010-09-05 15:58:59 0 d-----w- c:\program files\AVG
    2010-09-05 15:41:42 65536 --sha-w- c:\users\anthony\ntuser.dat{7209c72d-b903-11df-b7e3-806e6f6e6963}.TM.blf
    2010-09-05 15:41:42 524288 --sha-w- c:\users\anthony\ntuser.dat{7209c72d-b903-11df-b7e3-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
    2010-09-05 15:41:42 524288 --sha-w- c:\users\anthony\ntuser.dat{7209c72d-b903-11df-b7e3-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
    2010-09-05 15:07:15 0 d-----w- c:\users\anthony\appdata\roaming\Registry Mechanic
    2010-09-05 14:52:05 0 d---a-w- c:\programdata\TEMP
    2010-09-04 23:48:58 0 d-----w- c:\programdata\Sun
    2010-09-04 23:48:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-30 21:53:21 56320 ----a-w- c:\windows\system32\iyvu9_32.dll
    2010-08-30 21:53:21 136704 ----a-w- c:\windows\system32\iacenc.dll
    2010-08-30 21:53:20 0 d-----w- c:\program files\Ligos
    2010-08-30 14:24:14 0 d--h--w- C:\VritualRoot
    2010-08-30 14:20:03 0 d-----w- c:\programdata\COMODO
    2010-08-30 14:09:32 0 d-----w- c:\program files\COMODO
    2010-08-30 14:06:57 0 d-----w- c:\programdata\Comodo Downloader
    2010-08-30 11:26:41 0 d-----w- c:\program files\Ashampoo
    2010-08-28 11:06:02 0 d-----r- c:\users\anthony\Virtual Machines
    2010-08-28 10:58:50 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-08-28 10:56:52 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-08-28 10:54:44 3964800 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-28 10:54:42 3909512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-28 10:50:30 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-28 10:50:30 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-28 10:50:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-28 10:48:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-08-28 10:48:21 978432 ----a-w-
c:\windows\system32\wininet.dll 2010-08-28 10:45:53 1233920 ----a-w- c:\windows\system32\msxml3.dll 2010-08-28 10:43:10 37376 ----a-w- c:\windows\system32\rtutils.dll 2010-08-28 10:40:30 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-08-28 10:40:29 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-08-28 10:38:10 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-28 07:51:43 0 d-----w- c:\users\anthony\appdata\roaming\SUPERAntiSpyware.com 2010-08-28 07:51:43 0 d-----w- c:\programdata\SUPERAntiSpyware.com 2010-08-28 07:51:35 0 d-----w- c:\program files\SUPERAntiSpyware 2010-08-27 21:37:31 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys 2010-08-27 21:37:31 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys 2010-08-27 21:18:31 0 d-----w- c:\windows\system32\XPSViewer 2010-08-27 21:18:30 896 ----a-w- c:\windows\system32\wbem\ServiceModel.mof.uninstall 2010-08-27 21:18:30 83607 ----a-w- c:\windows\system32\wbem\ServiceModel.mof 2010-08-27 21:15:18 0 d-----w- c:\program files\CCleaner 2010-08-27 20:52:26 0 d-----w- c:\users\anthony\appdata\roaming\Malwarebytes 2010-08-27 20:52:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-27 20:52:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-27 20:52:11 0 d-----w- c:\programdata\Malwarebytes 2010-08-27 20:52:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-27 20:26:32 0 d-----w- c:\program files\Graboid 2010-08-27 00:20:09 0 d-----w- c:\windows\RestoreSafeDeleted 2010-08-27 00:17:00 24416 ----a-w- c:\windows\system32\drivers\regguard.sys 2010-08-26 17:21:11 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys 2010-08-26 17:20:45 0 d-----w- c:\program files\UnHackMe 2010-08-26 10:00:10 0 d-----w- C:\graboid ==================== Find3M ==================== 2010-09-25 05:43:59 690538 ----a-w- c:\windows\system32\perfh019.dat 2010-09-25 05:43:59 657342 ----a-w- c:\windows\system32\perfh007.dat 2010-09-25 05:43:59 134414 ----a-w- 
c:\windows\system32\perfc019.dat 2010-09-25 05:43:59 131450 ----a-w- c:\windows\system32\perfc007.dat 2010-09-16 19:59:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-09-16 19:59:14 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-08-27 21:18:23 43318 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont 2010-08-27 21:18:23 29779 ----a-w- c:\windows\fonts\GlobalSerif.CompositeFont 2010-08-27 21:18:23 26489 ----a-w- c:\windows\fonts\GlobalSansSerif.CompositeFont 2010-08-27 21:18:23 26040 ----a-w- c:\windows\fonts\GlobalMonospace.CompositeFont 2010-08-21 04:36:33 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys 2010-08-20 16:18:40 27984 ----a-w- c:\windows\system32\sbbd.exe 2010-08-15 03:48:08 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-07-27 11:48:30 220760 ----a-w- c:\windows\system32\drivers\SbFw.sys 2010-07-07 21:54:56 539232 ----a-w- c:\windows\system32\LVUI2RC.dll 2010-07-07 21:54:32 543328 ----a-w- c:\windows\system32\LVUI2.dll 2010-07-07 21:50:28 203360 ----a-w- c:\windows\system32\lvci1301788.dll 2010-07-07 21:50:06 416352 ----a-w- c:\windows\system32\lvcodec2.dll 2010-07-07 21:44:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe 2010-07-07 21:44:30 10829656 ----a-w- c:\windows\system32\LogiDPP.dll 2010-07-07 21:44:20 290648 ----a-w- c:\windows\system32\DevManagerCore.dll 2010-07-07 21:36:16 37518 ----a-w- c:\windows\system32\Repository.reg 2010-07-06 22:16:12 94384 ----a-w- c:\windows\system32\IncContxMenu.dll 2010-07-06 22:16:06 2319536 ----a-w- c:\windows\system32\Incinerator.dll 2009-09-05 21:18:44 38104 ----a-w- c:\windows\inf\perflib\0407\perfd.dat 2009-09-05 21:18:44 38104 ----a-w- c:\windows\inf\perflib\0407\perfc.dat 2009-09-05 21:18:44 295922 ----a-w- c:\windows\inf\perflib\0407\perfi.dat 2009-09-05 21:18:44 295922 ----a-w- c:\windows\inf\perflib\0407\perfh.dat 2009-07-14 08:40:40 39446 ----a-w- c:\windows\inf\perflib\0419\perfd.dat 2009-07-14 08:40:40 39446 ----a-w- c:\windows\inf\perflib\0419\perfc.dat 
And the Second:

DDS (Ver_10-03-17.01) - NTFSx86 DSREPAIR Run by Anthony at 4:38:55.56 on Sat 09/25/2010 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1621 [GMT -7:00]
c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 08:40:40 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2010-04-08 03:59:25 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 4:39:55.74 ===============
    Saturday, September 25, 2010 5:57 PM
  • Could you possibly reformat and trim that two-volume encyclopedia of an entry? I read just two lines and gave up after that. I seriously doubt anyone else will even get past the third sentence.

    Just saying.....

    Bill

    Sunday, September 26, 2010 7:13 PM