
Need Help!


TRY


Posted

Hello again, TRY

So dds downloaded o.k. but won't run?

If so... temporarily disable (turn off and close) any anti-virus, anti-malware, or firewall programs you may be running.

Then try to run dds again.

If it runs... generate the logs and post them here.

Then turn your anti-virus, anti-malware, and firewall back on.

Sincerely,

-Mel

Posted

Attach.txt

I Got Dds To Work

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 27/12/2009 4:50:01 PM

System Uptime: 23/11/2011 2:58:20 PM (1 hours ago)

.

Motherboard: eMachines | | eMachines E627

Processor: AMD Athlon Processor TF-20 | Socket S1G1 | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 137 GiB total, 101.171 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1496: 22/11/2011 2:16:30 PM - Cleaning Tool

RP1497: 23/11/2011 3:30:27 AM - befor reg clean

RP1460: 23/11/2011 3:53:03 AM - Restore Operation

RP1461: 23/11/2011 7:02:26 AM - Device Driver Package Install: COMODO Network Service

RP1462: 23/11/2011 9:37:05 AM - avast! Free Antivirus Setup

RP1463: 23/11/2011 12:25:55 PM - Windows Modules Installer

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Flash Player 11 ActiveX

Advanced SystemCare 5

AMD USB Filter Driver

AMD VISION Engine Control Center

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

µTorrent

Auslogics BoostSpeed

Auslogics Disk Defrag

avast! Free Antivirus

Catalyst Control Center Core Implementation

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Comodo Dragon

D3DX10

eMachines Recovery Management

eMachines Registration

eMachines Updater

File Shredder 2.0

FileHippo.com Update Checker

Foxit Reader 5.1

Game Booster 3

GIMP 2.6.11

Google Chrome

Google Earth

Google Update Helper

HiJackThis

IObit Unlocker

Java Auto Updater

Java 6 Update 22

Java 6 Update 29

Junk Mail filter update

Launch Manager

Malwarebytes' Anti-Malware version 1.51.2.1300

Mesh Runtime

Messenger Companion

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Suite Activation Assistant

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 8.0 (x86 en-GB)

Mozilla Thunderbird (8.0)

MSVCRT

MSVCRT_amd64

NirSoft BlueScreenView

Notepad++

OOo-dev 3.4

PDFCreator

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Remove Empty Directories version 2.2

RuneScape Launcher 1.2

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

ShadowExplorer 0.8

Skype™ 5.5

TeamViewer 6

Tibia

TuneUp Utilities Language Pack (en-US)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Valkyrie Uploader 1.0

VirusTotal Uploader 2.0

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.11

WebM Media Foundation Components

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

23/11/2011 3:01:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx BC cjxtpv nckkof tvelms

23/11/2011 3:00:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ShadowExplorer Service service to connect.

23/11/2011 3:00:48 PM, Error: Service Control Manager [7000] - The ShadowExplorer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

23/11/2011 2:59:31 PM, Error: Service Control Manager [7001] - The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

23/11/2011 2:51:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MCCASKEY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B63DCBEB-3FDB-4AB7-86C2-D0EF1CE38151}. The master browser is stopping or an election is being forced.

23/11/2011 2:38:15 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: A device attached to the system is not functioning.

23/11/2011 2:38:15 PM, Error: Service Control Manager [7000] - The Net.Pipe Listener Adapter service failed to start due to the following error: A device attached to the system is not functioning.

23/11/2011 2:37:31 PM, Error: Service Control Manager [7000] - The ShadowExplorer Service service failed to start due to the following error: A device attached to the system is not functioning.

23/11/2011 2:37:27 PM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: A device attached to the system is not functioning.

23/11/2011 2:34:12 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

23/11/2011 2:02:54 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================

Logs.zip

Posted

DDS.txt (PART1)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Brad at 15:12:18 on 2011-11-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.1788.991 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe

C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Windows\system32\locator.exe

C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Eraser\Eraser.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

mRun: [LManager] c:\program files (x86)\launch manager\lmanager.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableStatusMessages = 1 (0x1)

mPolicies-system: DisableStartupSound = 1 (0x1)

TCP: DhcpNameServer = 192.168.2.1 142.177.2.130

TCP: Interfaces\{4F96B375-E0BA-4CB3-8D4D-369D9686818A} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{7EA15B26-1C81-4787-8908-863F775EAAAF} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{B63DCBEB-3FDB-4AB7-86C2-D0EF1CE38151} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{B63DCBEB-3FDB-4AB7-86C2-D0EF1CE38151} : DhcpNameServer = 192.168.2.1 142.177.2.130

TCP: Interfaces\{B63DCBEB-3FDB-4AB7-86C2-D0EF1CE38151}\27562656363616 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{B63DCBEB-3FDB-4AB7-86C2-D0EF1CE38151}\5627E69656 : DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{B63DCBEB-3FDB-4AB7-86C2-D0EF1CE38151}\D636361637B65697 : DhcpNameServer = 192.168.2.1 192.168.2.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [LManager] c:\program files (x86)\launch manager\lmanager.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\ym3u2kcs.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Brad\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Brad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1321757050

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1321757290

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1321757170

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1321817882

FF - user.js: browser.blink_allowed - false

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.download.dir - C:\\Users\\Brad\\Downloads

FF - user.js: browser.download.lastDir - C:\\Users\\Brad\\Desktop

FF - user.js: browser.download.useDownloadDir - false

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.preferences.advanced.selectedTabIndex - 0

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.startup.homepage - hxxp://www.google.ca/

FF - user.js: browser.startup.homepage_override.buildID - 20111104165243

FF - user.js: browser.startup.homepage_override.mstone - rv:8.0

FF - user.js: browser.syncPromoViewsLeft - 0

FF - user.js: browser.tabs.warnOnClose - false

FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.8.0

FF - user.js: config.trim_on_minimize - false

FF - user.js: extensions.adblockplus.currentVersion - 1.3.10

FF - user.js: extensions.blocklist.pingCountTotal - 3

FF - user.js: extensions.blocklist.pingCountVersion - 3

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 6

FF - user.js: extensions.enabledAddons - SkipScreen@SkipScreen:0.6.1.2,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107,{972ce4c6-7e08-4474-a285-3208198ce6fd}:8.0

FF - user.js: extensions.installCache - [{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1321580143394}}},{\name\:\app-profile\,\addons\:{\SkipScreen@SkipScreen\:{\descriptor\:\C:\\\\Users\\\\Brad\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ym3u2kcs.default\\\\extensions\\\\SkipScreen@SkipScreen.xpi\,\mtime\:1321580339478},\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\:{\descriptor\:\C:\\\\Users\\\\Brad\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ym3u2kcs.default\\\\extensions\\\\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\,\mtime\:1321587790256},\{c0c588b6-b11d-4898-af00-079fed05aa32}\:{\descriptor\:\C:\\\\Users\\\\Brad\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ym3u2kcs.default\\\\extensions\\\\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi\,\mtime\:1321643858397},\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\C:\\\\Users\\\\Brad\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ym3u2kcs.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1321580339525}}}]

FF - user.js: extensions.lastAppVersion - 8.0

FF - user.js: extensions.lastPlatformVersion - 8.0

FF - user.js: extensions.pendingOperations - false

FF - user.js: extensions.shownSelectionUI - true

FF - user.js: extensions.skipscreen.firstrun - false

FF - user.js: extensions.skipscreen.firstskipdate - Thu Nov 17 2011 21:39:02 GMT-0400 (Atlantic Standard Time)

FF - user.js: extensions.skipscreen.hostMatchStr - hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|http://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|http://(www.)*digg.com/(.{5}|.{6})$|http://www.divshare.com/.*|http://(www.)*filesonic.com/file/.*|http://www.filestube.com/(.*?/details.html|[a-z0-9A-Z]{20}.*)|http://(www.)*hotfile.com/dl/.*|http://(www.)*letitbit.net/download(/.*|[0-9].php)|http://(www.)*limelinx.com/files/.*|http://(([a-zA-Z0-9]){6}.)*link-protector.com/.*|http://lix.in.*|http://(www.)*mediafire.com/(download.php|file)|http://(www.)*mediafire.com/?.*|http://(www.)*megaporn.com/?.*|http://(www.)*megashare.com/.*|http://(www.)*megashares.com/.*|http://(www.)*megaupload.com/?.*|http://(www.)*multiupload.com/?.*|https?://(www.)*rapidshare.com/(files/|#!download).*|http://(www.)*remixshare.com/(download|dl|container)/.*|http://www.sendspace.com/.*|http://sharebee.com/.*|http://(www.)*storage.to/get/.*|http://uploaded.to/file/.*|http://uploaded.to/?view.*|http://uploading.com/files/(get/)*[a-z0-9A-Z]{8}/.*|http://(www.)*vip-file.com/downloadl/.*|http://(www.)*zshare.net/(download|audio)/.*

FF - user.js: extensions.skipscreen.version - 0.6.1.2

FF - user.js: extensions.ui.lastCategory - addons://list/theme

FF - user.js: extensions.ui.locale.hidden - true

FF - user.js: font.internaluseonly.changed - false

FF - user.js: idle.lastDailyNotification - 1321827284

FF - user.js: intl.charsetmenu.browser.cache - UTF-16, windows-1252, ISO-8859-15, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: network.dns.disableIPv6 - true

FF - user.js: network.dnsCacheEntries - 200

FF - user.js: network.dnsCacheExpiration - 240

FF - user.js: network.http.connect.timeout - 60

FF - user.js: network.http.keep-alive.timeout - 300

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 12

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: places.database.lastMaintenance - 1321827284

FF - user.js: places.history.expiration.transient_current_max_pages - 37498

FF - user.js: pref.browser.homepage.disable_button.current_page - false

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: services.sync.clients.lastSync - 0

FF - user.js: services.sync.clients.lastSyncLocal - 0

FF - user.js: services.sync.migrated - true

FF - user.js: services.sync.tabs.lastSync - 0

FF - user.js: services.sync.tabs.lastSyncLocal - 0

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1321581736

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1324172165

FF - user.js: weboftrust.automatic_updates - false

FF - user.js: weboftrust.cookie_updated - 1321835304103

FF - user.js: weboftrust.extension_id - 5cce0b2091356b76ac3b01ce33b2e111a03ee5e9

FF - user.js: weboftrust.firstrun_guide - 2

FF - user.js: weboftrust.last_message - 20110214

FF - user.js: weboftrust.last_version - 20111107

FF - user.js: weboftrust.search.aolsearch.display - AOL Search

FF - user.js: weboftrust.search.aolsearch.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*aol\\.[a-z]{2,}\\/

FF - user.js: weboftrust.search.aolsearch.pre0.match - 3

FF - user.js: weboftrust.search.aolsearch.pre0.re - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*aol\\.[a-z]{2,}\\/[^\\\\?]*redir\\\\?.*s_cu=(http.+)(&.*)?

FF - user.js: weboftrust.search.aolsearch.prestyle - .HL [ATTR] { display: none ! important; } [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.aolsearch.style - a.find ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; padding-top: 2px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.aolsearch.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*aol\\.[a-z]{2,}\\/[^\\\\?]*search\\\\?.+

FF - user.js: weboftrust.search.ask.display - Ask.com Web Search

FF - user.js: weboftrust.search.ask.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*ask\\.com\\/

FF - user.js: weboftrust.search.ask.pre0.match - 4

FF - user.js: weboftrust.search.ask.pre0.re - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*ask\\.com\\/(bar|r)\\\\?.*&u=(http[^&]+)

FF - user.js: weboftrust.search.ask.prestyle - .s_binoc2 ~ [ATTR], .nu ~ [ATTR], [ATTR=\safeweb.norton.com\] { display: none ! important; } [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.ask.style - a.title ~ [ATTR=\NAME\], a.L4 ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; padding-top: 1px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.ask.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*ask\\.com\\/web\\\\?.+

FF - user.js: weboftrust.search.baidu.display - Baidu

FF - user.js: weboftrust.search.baidu.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*baidu\\.com\\/

FF - user.js: weboftrust.search.baidu.prestyle - [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.baidu.style - .f a ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.baidu.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*baidu\\.com\\/s\\\\?.+

FF - user.js: weboftrust.search.bing.display - Bing

FF - user.js: weboftrust.search.bing.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*(msn(scache)?|live|bingj?|microsofttranslator)\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/

FF - user.js: weboftrust.search.bing.prestyle - .rc_p [ATTR], .sb_vdl [ATTR] { display: none ! important; } [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.bing.style - .nc_tc a ~ [ATTR=\NAME\], .sb_tlst a ~ [ATTR=\NAME\], .sn_rct a ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.bing.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*bing\\.com\\/search\\\\?

FF - user.js: weboftrust.search.dmoz.display - dmoz - Open Directory Project

FF - user.js: weboftrust.search.dmoz.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*dmoz\\.org\\/

FF - user.js: weboftrust.search.dmoz.prestyle - [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.dmoz.style - li a ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.dmoz.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*dmoz\\.org\\/

FF - user.js: weboftrust.search.dogpile.display - Dogpile

FF - user.js: weboftrust.search.dogpile.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*dogpile\\.com\\/

FF - user.js: weboftrust.search.dogpile.pre0.match - 3

FF - user.js: weboftrust.search.dogpile.pre0.re - ^http(s)?\\:\\/\\/cs\\.(dogpile|infospace)\\.com\\/ClickHandler.+ru=(http[^&]+)

FF - user.js: weboftrust.search.dogpile.prestyle - .paidSearchResult [ATTR] { display: none ! important; } .searchResultsPane { max-width: 44.08em; } [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.dogpile.style - a.resultTitle ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; padding-bottom: 1px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.dogpile.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*dogpile\\.com\\/(info\\.[^\\/]+/)?(search\\/)?web.+

FF - user.js: weboftrust.search.facebook.display - Facebook

FF - user.js: weboftrust.search.facebook.dynamic - 1

FF - user.js: weboftrust.search.facebook.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*(facebook\\.(com|net)|fbcdn\\.net|bing\\.com)\\/

FF - user.js: weboftrust.search.facebook.match0.attribute0.flags - n

FF - user.js: weboftrust.search.facebook.match0.attribute0.name - class

FF - user.js: weboftrust.search.facebook.match0.attribute0.re - mceContentBody

FF - user.js: weboftrust.search.facebook.match0.element - body

FF - user.js: weboftrust.search.facebook.prestyle - .uiHeader [ATTR], a.uiLinkSubtle ~ [ATTR], .profile-picture [ATTR], .HovercardContent td > a ~ [ATTR], .uiAttachmentTitle ~ a ~ [ATTR], a.UIImageBlock_Image ~ [ATTR], .UIMediaItem [ATTR], .UIStoryAttachment_Caption [ATTR], .uiStreamPassive [ATTR] { display: none ! important; } [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.facebook.style - a[onmousedown^=\UntrustedLink\] ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; padding-top: 1px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.facebook.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*facebook\\.com\\/

FF - user.js: weboftrust.search.facebook.urlign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*facebook\\.com\\/(plugins|extern)\\/

FF - user.js: weboftrust.search.gmail.display - Gmail

FF - user.js: weboftrust.search.gmail.dynamic - 1

FF - user.js: weboftrust.search.gmail.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*google\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/

FF - user.js: weboftrust.search.gmail.match0.attribute0.flags - n

FF - user.js: weboftrust.search.gmail.match0.attribute0.name - class

FF - user.js: weboftrust.search.gmail.match0.attribute0.re - editable

FF - user.js: weboftrust.search.gmail.match0.element - body

FF - user.js: weboftrust.search.gmail.pre0.match - 4

FF - user.js: weboftrust.search.gmail.pre0.re - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)?googlesyndication\\.com\\/(aclk|pagead).*\\\\?.*adurl=(.+)(&.*)?

FF - user.js: weboftrust.search.gmail.prestyle - .e ~ [ATTR], #gbd [ATTR], #gbi [ATTR], .vd ~ [ATTR], .Ni ~ [ATTR], .mr ~ [ATTR], [ATTR] { position: absolute; visibility: hidden; } .e:last-of-type ~ [ATTR] { position: relative; visibility: visible; } #message-area-container ~ #container .source-link ~ [ATTR], #message-area-container ~ #container .title-link ~ [ATTR] { display: none ! important; }

FF - user.js: weboftrust.search.gmail.style - a ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; padding-bottom: 2px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.gmail.url - ^http(s)?\\:\\/\\/mail\\.google\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/(mail|a)\\/.+

FF - user.js: weboftrust.search.gmail.urlign - &(name=htmlcompose|view=(js|cw)&)

FF - user.js: weboftrust.search.google.display - Google

FF - user.js: weboftrust.search.google.dynamic - 1

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

Posted

DDS.txt (PART2)

 

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-23 490840]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-13 361984]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-23 44768]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-8-21 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-21 366152]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-6 2358656]

R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-21 240160]

R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-4-8 149544]

R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-4-8 148008]

R2 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-4-8 205352]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]

S2 sesvc;ShadowExplorer Service;C:\Program Files (x86)\ShadowExplorer\sesvc.exe [2011-11-22 9216]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

S4 IObitUnlocker;IObitUnlocker;C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2011-11-22 35256]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-11-23 18:45:56 -------- d-----w- C:\Users\Brad\AppData\Local\temp

2011-11-23 18:02:47 -------- d-----w- C:\Users\Brad\AppData\Roaming\IObit

2011-11-23 17:19:45 -------- d-----w- C:\MGtools

2011-11-23 16:26:36 -------- d-----w- C:\Windows\ehome

2011-11-23 15:28:34 98816 ----a-w- C:\Windows\sed.exe

2011-11-23 15:28:34 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-23 15:28:34 256000 ----a-w- C:\Windows\PEV.exe

2011-11-23 15:28:34 208896 ----a-w- C:\Windows\MBR.exe

2011-11-23 15:00:25 -------- d-----w- C:\ProgramData\Comodo

2011-11-23 14:52:48 -------- d-----w- C:\_OTL

2011-11-23 14:10:52 -------- d-----w- C:\Users\Brad\AppData\Roaming\SpeedyPC Software

2011-11-23 14:10:52 -------- d-----w- C:\Users\Brad\AppData\Roaming\DriverCure

2011-11-23 14:10:41 -------- d-----w- C:\ProgramData\SpeedyPC Software

2011-11-23 13:38:13 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-11-23 13:38:13 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-11-23 13:37:28 -------- d-----w- C:\ProgramData\AVAST Software

2011-11-23 13:37:28 -------- d-----w- C:\Program Files\AVAST Software

2011-11-23 11:27:02 -------- d-----w- C:\Users\Brad\AppData\Local\COMODO

2011-11-23 11:01:11 -------- d-----w- C:\ProgramData\Comodo Downloader

2011-11-23 07:52:18 -------- d-----w- C:\Users\Brad\AppData\Local\ElevatedDiagnostics

2011-11-23 06:39:28 -------- d-----w- C:\WinDVD2

2011-11-22 18:28:37 -------- d-----w- C:\Windows\System32\wbem\Logs

2011-11-22 18:18:33 -------- d-----w- C:\Windows\System32\wbem\MOF\good

2011-11-22 18:18:33 -------- d-----w- C:\Windows\System32\wbem\MOF\bad

2011-11-22 18:18:33 -------- d-----w- C:\Windows\System32\wbem\MOF

2011-11-22 18:10:01 -------- d-----w- C:\Users\Brad\AppData\Local\Remove_Empty_Directories

2011-11-22 17:57:38 -------- d-----w- C:\Users\Brad\AppData\Local\Eraser 6

2011-11-22 17:05:08 -------- d-----w- C:\Users\Brad\AppData\Roaming\KoshyJohn.com

2011-11-22 16:26:30 -------- d-----w- C:\Program Files\Eraser

2011-11-22 16:22:01 -------- d-----w- C:\Program Files (x86)\File Shredder

2011-11-22 16:09:16 -------- d-----w- C:\ProgramData\IObit

2011-11-22 16:09:16 -------- d-----w- C:\Program Files (x86)\IObit

2011-11-22 16:04:37 -------- d-----w- C:\Program Files (x86)\Remove Empty Directories

2011-11-22 07:07:25 -------- d-----w- C:\Users\Brad\VirtualBox VMs

2011-11-22 06:44:35 -------- d-----w- C:\Users\Brad\.VirtualBox

2011-11-22 06:43:48 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2011-11-22 06:43:37 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2011-11-22 06:43:32 -------- d-----w- C:\Program Files\Oracle

2011-11-22 06:26:05 -------- d-----w- C:\Users\Brad\AppData\Roaming\www.shadowexplorer.com

2011-11-22 06:24:30 -------- d-----w- C:\Program Files (x86)\ShadowExplorer

2011-11-22 06:20:45 388096 ----a-r- C:\Users\Brad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-22 06:20:45 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-11-22 03:41:25 -------- d-----w- C:\Users\Brad\AppData\Roaming\Auslogics

2011-11-22 01:25:10 -------- d-----w- C:\Program Files (x86)\COMODO

2011-11-21 11:03:21 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-11-21 07:07:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-21 06:41:41 -------- d-----w- C:\Backup

2011-11-21 00:24:33 -------- d-----w- C:\ProgramData\kingsoft

2011-11-20 21:18:30 -------- d-----w- C:\Program Files (x86)\Cisco

2011-11-20 21:10:40 -------- d-----w- C:\Users\Brad\AppData\Local\AMD

2011-11-20 21:04:33 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-11-20 21:04:24 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2011-11-20 21:04:20 53376 ----a-w- C:\Windows\System32\drivers\usbfilter.sys

2011-11-20 21:03:24 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-11-20 21:03:23 -------- d-----w- C:\ProgramData\AMD

2011-11-20 21:03:17 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys

2011-11-20 21:02:20 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2011-11-20 21:00:59 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-11-20 20:43:49 -------- d-----w- C:\Program Files\ATI Technologies

2011-11-20 20:42:08 -------- d-----w- C:\ATI

2011-11-20 20:35:31 -------- d-----w- C:\Windows\SysWow64\RTCOM

2011-11-20 20:33:23 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-11-19 22:40:43 -------- d-----w- C:\Program Files (x86)\Auslogics

2011-11-19 22:07:11 -------- d-----w- C:\Users\Brad\AppData\Local\Apple Computer

2011-11-19 22:05:28 -------- d-----w- C:\Users\Brad\AppData\Local\Apple

2011-11-19 21:33:55 -------- d-----w- C:\Users\Brad\AppData\Roaming\Mipony

2011-11-19 18:48:12 -------- d-----w- C:\Program Files\Hitman Pro 3.5

2011-11-19 18:48:04 -------- d-----w- C:\ProgramData\Hitman Pro

2011-11-19 18:41:40 -------- d-----w- C:\Program Files (x86)\GIMP-2.0

2011-11-19 18:30:53 -------- d-----w- C:\Program Files\CPUID

2011-11-19 18:27:22 -------- d-----w- C:\Program Files\Speccy

2011-11-19 17:32:46 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-11-19 17:32:46 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-11-19 17:32:44 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-11-19 17:32:44 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-11-18 18:50:09 -------- d-----w- C:\Program Files\CCleaner

2011-11-17 20:02:20 -------- d-----w- C:\Users\Brad\AppData\Roaming\TuneUp Software

2011-11-17 17:10:39 -------- d-----w- C:\Users\Brad\AppData\Local\{422A3319-4DD3-4E03-9B93-F1CDBD444068}

2011-11-17 17:10:32 -------- d-----w- C:\Users\Brad\AppData\Local\{7C3D7488-8A4C-4F11-B09A-7819671B2DAC}

2011-11-17 16:36:36 74 ----a-w- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\SendTo\listfiles.bat

2011-11-16 22:31:11 -------- d-----w- C:\Users\Brad\AppData\Roaming\SUPERAntiSpyware.com

2011-11-16 22:31:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-11-16 22:31:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-11-16 22:27:30 -------- d-----w- C:\Program Files (x86)\NirSoft

2011-11-16 20:20:39 -------- d-----w- C:\Program Files (x86)\FileHippo.com

2011-11-16 19:01:35 -------- d-----w- C:\Users\Brad\AppData\Roaming\uTorrent

2011-11-16 19:01:35 -------- d-----w- C:\Users\Brad\AppData\Local\uTorrent

2011-11-16 18:40:32 -------- d-----w- C:\Users\Brad\AppData\Roaming\Systweak

2011-11-16 15:24:46 -------- d-----w- C:\Users\Brad\AppData\Roaming\OOo-dev

2011-11-16 15:23:12 -------- d-----w- C:\Program Files (x86)\OOo-dev 3

2011-11-16 01:37:43 -------- d-----w- C:\Users\Brad\AppData\Roaming\pdfforge

2011-11-16 01:37:39 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll

2011-11-16 01:37:39 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX

2011-11-16 01:37:39 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2011-11-16 01:37:36 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL

2011-11-16 01:37:36 -------- d-----w- C:\Program Files (x86)\PDFCreator

2011-11-10 14:05:58 -------- d-----w- C:\Windows\.jagex_cache_32

2011-11-08 18:44:48 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-08 18:44:48 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-08 18:44:46 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-08 18:44:45 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-07 18:56:45 -------- d-----w- C:\Windows\System32\drivers\NISx64\1301010.003

2011-11-07 18:52:07 -------- d-----w- C:\Windows\System32\drivers\NISx64

2011-11-06 06:37:24 -------- d-----w- C:\Program Files (x86)\TeamViewer

2011-11-04 22:14:37 -------- d-s---w- C:\Windows\SysWow64\Microsoft

2011-11-04 16:37:00 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

2011-11-04 16:37:00 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2011-11-04 16:36:58 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

2011-11-02 20:31:09 33920 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys

2011-11-01 17:12:48 24984 ----a-w- C:\Windows\SysWow64\drivers\BC.sys

2011-11-01 14:26:08 -------- d-----w- C:\ProgramData\Systweak

2011-11-01 13:25:33 -------- d-----w- C:\Users\Brad\jagexcache1

2011-10-31 21:46:00 -------- d-----w- C:\Windows\System32\W7NBC

2011-10-30 22:45:45 96338 ----a-w- C:\ProgramData\1320014648.bdinstall.bin

2011-10-30 22:40:38 199793 ----a-w- C:\ProgramData\1320014130.bdinstall.bin

2011-10-30 16:23:45 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4a6f961c1cc972004\MeshBetaRemover.exe

2011-10-30 16:23:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\467006671cc972003\DSETUP.dll

2011-10-30 16:23:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\467006671cc972003\DXSETUP.exe

2011-10-30 16:23:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\467006671cc972003\dsetup32.dll

2011-10-30 16:23:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40cb23221cc972002\DSETUP.dll

2011-10-30 16:23:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40cb23221cc972002\DXSETUP.exe

2011-10-30 16:23:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40cb23221cc972002\dsetup32.dll

2011-10-30 14:09:38 925184 ----a-w- C:\Windows\expstart.exe

2011-10-30 13:59:28 328704 ----a-w- C:\Windows\System32\uDWM_backup_w7abt.dll

2011-10-30 13:59:28 120320 ----a-w- C:\Windows\System32\dwm_backup_w7abt.exe

2011-10-30 13:58:55 2871808 ----a-w- C:\Windows\explorer.backup.exe

2011-10-30 13:58:54 -------- d-----w- C:\Windows\W7SOC

2011-10-25 04:14:25 -------- d-----r- C:\Program Files (x86)\Skype

.

==================== Find3M ====================

.

2011-11-14 17:46:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-06 01:51:56 6656 ----a-w- C:\Windows\System32\lpcio.dll

2011-10-20 03:10:14 22872 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe

2011-10-19 18:05:06 627600 ----a-w- C:\Windows\System32\deployJava1.dll

2011-10-18 23:53:14 2957544 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2011-10-18 22:10:30 99432 ----a-w- C:\Windows\System32\RCoInst64.dll

2011-10-18 17:55:50 331880 ----a-w- C:\Windows\System32\RtlCPAPI64.dll

2011-10-18 17:47:22 1914472 ----a-w- C:\Windows\System32\RtkApi64.dll

2011-10-18 15:05:00 2528872 ----a-w- C:\Windows\System32\RtPgEx64.dll

2011-10-17 21:30:38 3213928 ----a-w- C:\Windows\System32\RtkAPO64.dll

2011-10-14 17:43:48 1873920 ----a-w- C:\Windows\System32\RCoRes64.dat

2011-10-13 21:37:30 10496000 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-10-13 20:57:02 24864768 ----a-w- C:\Windows\System32\atio6axx.dll

2011-10-13 20:53:24 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll

2011-10-13 20:53:18 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-10-13 20:53:10 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll

2011-10-13 20:53:02 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll

2011-10-13 20:52:52 16991744 ----a-w- C:\Windows\System32\amdocl64.dll

2011-10-13 20:52:08 13950976 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-10-13 20:51:20 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-10-13 20:51:14 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-10-13 20:36:08 18756096 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-10-13 20:35:12 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-10-13 20:35:00 748544 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-10-13 20:33:48 892416 ----a-w- C:\Windows\System32\aticfx64.dll

2011-10-13 20:31:26 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-10-13 20:31:16 516608 ----a-w- C:\Windows\System32\atieclxx.exe

2011-10-13 20:30:44 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-10-13 20:29:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-10-13 20:29:26 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-10-13 20:29:22 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-10-13 20:29:12 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-10-13 20:29:08 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-10-13 20:29:04 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-10-13 20:29:00 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-10-13 20:25:28 4292096 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-10-13 20:20:26 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-10-13 20:19:52 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-10-13 20:19:40 4042752 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-10-13 20:16:22 5041664 ----a-w- C:\Windows\System32\atidxx64.dll

2011-10-13 20:10:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-10-13 20:10:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-10-13 20:10:16 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-10-13 20:10:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-10-13 20:09:28 4188672 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-10-13 20:06:16 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-10-13 20:05:56 4353536 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-10-13 20:00:10 5510144 ----a-w- C:\Windows\System32\atiumd64.dll

2011-10-13 19:59:44 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-10-13 19:53:32 486912 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-10-13 19:53:24 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-10-13 19:53:10 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-10-13 19:53:06 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-10-13 19:53:06 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-10-13 19:53:04 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-10-13 19:52:56 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-10-13 19:52:50 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-10-13 19:52:10 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-10-13 19:52:04 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-10-13 19:52:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-10-13 19:51:54 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-10-13 19:51:32 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-10-13 19:51:32 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-10-13 19:51:26 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-10-13 19:51:26 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-10-13 19:51:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-10-03 08:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-27 03:32:28 111408 ----a-w- C:\Windows\System32\drivers\35247947.sys

2011-09-20 02:54:44 108656 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys

2011-09-06 21:45:29 41184 ----a-w- C:\Windows\avastSS.scr

2011-09-02 18:21:40 221024 ----a-w- C:\Windows\System32\SFNHK64.dll

2011-09-02 18:21:38 78688 ----a-w- C:\Windows\System32\SFAPO64.dll

2011-09-02 18:21:36 81248 ----a-w- C:\Windows\System32\SFCOM64.dll

2011-09-01 14:15:10 553280 ----a-w- C:\Windows\System32\drivers\avckf.sys

2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-31 22:12:00 1698408 ----a-w- C:\Windows\RtlExUpd.dll

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

.

============= FINISH: 15:13:17.65 ===============

Posted

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

P2P - I see you have P2P software installed on your machine. (µTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

***********************************************

You can also uninstall Java 6 Update 22. It's no longer needed.

 

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

**********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Posted

Malwarebytes' Anti-Malware 1.51.2.1300

http://www.malwarebytes.org

 

Database version: 8226

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

 

23/11/2011 4:38:22 PM

mbam-log-2011-11-23 (16-38-22).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 279637

Time elapsed: 32 minute(s), 2 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Posted

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 11/23/2011 at 05:27 PM

 

Application Version : 5.0.1136

 

Core Rules Database Version : 7982

Trace Rules Database Version: 5794

 

Scan type : Complete Scan

Total Scan Time : 00:43:53

 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator

 

Memory items scanned : 783

Memory threats detected : 0

Registry items scanned : 72064

Registry threats detected : 0

File items scanned : 61235

File threats detected : 0

Posted

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

*********************************************************

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

Link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log in your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Posted

Log: Results of screen317's Security Check version 0.99.28

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

TuneUp Utilities Language Pack (en-US)

Java 6 Update 29

Mozilla Firefox (8.0.)

Mozilla Thunderbird (8.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Common Files Authentium AntiVirus5 vsedsps.exe

Common Files Authentium AntiVirus5 vseamps.exe

Common Files Authentium AntiVirus5 vseqrts.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

``````````End of Log````````````

Posted

ComboFix (PART1)

 

ComboFix 11-11-23.03 - Brad 23/11/2011 22:11:35.2.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.1788.1014 [GMT -4:00]

Running from: c:\users\Brad\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))

.

.

2011-11-24 02:20 . 2011-11-24 02:24 -------- d-----w- c:\users\Brad\AppData\Local\temp

2011-11-24 02:20 . 2011-11-24 02:20 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2011-11-24 02:20 . 2011-11-24 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-23 18:02 . 2011-11-23 18:02 -------- d-----w- c:\users\Brad\AppData\Roaming\IObit

2011-11-23 17:19 . 2011-11-23 17:25 -------- d-----w- C:\MGtools

2011-11-23 16:26 . 2011-11-23 16:26 -------- d-----w- c:\windows\ehome

2011-11-23 16:26 . 2011-11-23 16:26 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs

2011-11-23 15:00 . 2011-11-23 15:00 -------- d-----w- c:\programdata\Comodo

2011-11-23 14:52 . 2011-11-23 14:52 -------- d-----w- C:\_OTL

2011-11-23 14:10 . 2011-11-23 14:10 -------- d-----w- c:\users\Brad\AppData\Roaming\SpeedyPC Software

2011-11-23 14:10 . 2011-11-23 14:10 -------- d-----w- c:\users\Brad\AppData\Roaming\DriverCure

2011-11-23 14:10 . 2011-11-23 14:12 -------- d-----w- c:\programdata\SpeedyPC Software

2011-11-23 13:38 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-23 13:38 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-23 13:38 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-23 13:38 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-23 13:38 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-23 13:38 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-23 13:38 . 2011-09-06 21:45 254400 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-23 13:37 . 2011-11-23 13:37 -------- d-----w- c:\programdata\AVAST Software

2011-11-23 13:37 . 2011-11-23 13:37 -------- d-----w- c:\program files\AVAST Software

2011-11-23 11:27 . 2011-11-23 13:31 -------- d-----w- c:\users\Brad\AppData\Local\COMODO

2011-11-23 11:01 . 2011-11-23 11:01 -------- d-----w- c:\programdata\Comodo Downloader

2011-11-23 07:52 . 2011-11-23 08:58 -------- d-----w- c:\users\Brad\AppData\Local\ElevatedDiagnostics

2011-11-23 06:39 . 2011-11-23 07:55 -------- d-----w- C:\WinDVD2

2011-11-22 18:29 . 2011-11-22 18:29 -------- d-----w- c:\windows\Sun

2011-11-22 18:28 . 2011-11-22 18:28 -------- d-----w- c:\windows\system32\wbem\Logs

2011-11-22 18:18 . 2011-11-22 18:18 -------- d-----w- c:\windows\system32\wbem\MOF

2011-11-22 18:10 . 2011-11-22 18:10 -------- d-----w- c:\users\Brad\AppData\Local\Remove_Empty_Directories

2011-11-22 17:57 . 2011-11-22 17:57 -------- d-----w- c:\users\Brad\AppData\Local\Eraser 6

2011-11-22 17:05 . 2011-11-22 17:05 -------- d-----w- c:\users\Brad\AppData\Roaming\KoshyJohn.com

2011-11-22 16:26 . 2011-11-22 16:26 -------- d-----w- c:\program files\Eraser

2011-11-22 16:22 . 2011-11-22 16:22 -------- d-----w- c:\program files (x86)\File Shredder

2011-11-22 16:11 . 2011-11-22 17:35 -------- d-----w- c:\users\Brad\AppData\Roaming\Notepad++

2011-11-22 16:11 . 2011-11-22 16:11 -------- d-----w- c:\program files (x86)\Notepad++

2011-11-22 16:09 . 2011-11-23 18:03 -------- d-----w- c:\programdata\IObit

2011-11-22 16:09 . 2011-11-23 18:02 -------- d-----w- c:\program files (x86)\IObit

2011-11-22 16:04 . 2011-11-22 16:04 -------- d-----w- c:\program files (x86)\Remove Empty Directories

2011-11-22 07:07 . 2011-11-22 07:07 -------- d-----w- c:\users\Brad\VirtualBox VMs

2011-11-22 06:44 . 2011-11-23 22:00 -------- d-----w- c:\users\Brad\.VirtualBox

2011-11-22 06:43 . 2011-11-04 16:37 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-11-22 06:43 . 2011-11-04 16:37 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-11-22 06:43 . 2011-11-22 06:43 -------- d-----w- c:\program files\Oracle

2011-11-22 06:26 . 2011-11-22 06:26 -------- d-----w- c:\users\Brad\AppData\Roaming\www.shadowexplorer.com

2011-11-22 06:24 . 2011-11-22 06:24 -------- d-----w- c:\program files (x86)\ShadowExplorer

2011-11-22 06:20 . 2011-11-22 06:20 388096 ----a-r- c:\users\Brad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-22 06:20 . 2011-11-22 06:20 -------- d-----w- c:\program files (x86)\Trend Micro

2011-11-22 03:41 . 2011-11-22 17:13 -------- d-----w- c:\users\Brad\AppData\Roaming\Auslogics

2011-11-22 01:25 . 2011-11-23 11:32 -------- d-----w- c:\program files (x86)\COMODO

2011-11-21 11:03 . 2011-11-23 15:24 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-21 07:07 . 2011-11-21 07:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-21 06:41 . 2011-11-24 02:07 -------- d-----w- C:\Backup

2011-11-21 00:24 . 2011-11-21 01:06 -------- d-----w- c:\programdata\kingsoft

2011-11-20 21:18 . 2011-11-20 21:18 -------- d-----w- c:\program files (x86)\Cisco

2011-11-20 21:10 . 2011-11-20 21:10 -------- d-----w- c:\users\Brad\AppData\Local\AMD

2011-11-20 21:09 . 2011-11-20 21:09 -------- d-----w- c:\programdata\ATI

2011-11-20 21:04 . 2011-11-20 21:04 -------- d-----w- c:\program files (x86)\AMD APP

2011-11-20 21:04 . 2011-11-20 21:04 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2011-11-20 21:04 . 2011-08-17 20:44 53376 ----a-w- c:\windows\system32\drivers\usbfilter.sys

2011-11-20 21:03 . 2011-11-20 21:03 -------- d-----w- c:\program files (x86)\ATI Technologies

2011-11-20 21:03 . 2011-11-20 21:03 -------- d-----w- c:\programdata\AMD

2011-11-20 21:03 . 2010-02-18 13:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys

2011-11-20 21:02 . 2011-11-20 21:02 -------- d-----w- c:\program files\Common Files\ATI Technologies

2011-11-20 21:00 . 2011-10-13 21:37 10496000 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-11-20 20:43 . 2011-11-20 21:03 -------- d-----w- c:\program files\ATI Technologies

2011-11-20 20:42 . 2011-11-20 20:42 -------- d-----w- C:\ATI

2011-11-20 20:35 . 2011-11-20 20:35 -------- d-----w- c:\windows\SysWow64\RTCOM

2011-11-20 20:33 . 2005-11-14 03:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-11-19 22:40 . 2011-11-23 16:29 -------- d-----w- c:\program files (x86)\Auslogics

2011-11-19 22:10 . 2011-11-23 07:54 -------- d-----w- c:\program files (x86)\Google

2011-11-19 22:07 . 2011-11-19 22:07 -------- d-----w- c:\users\Brad\AppData\Local\Apple Computer

2011-11-19 22:07 . 2011-11-20 06:20 -------- d-----w- c:\users\Brad\AppData\Roaming\Apple Computer

2011-11-19 22:06 . 2011-11-19 22:06 -------- d-----w- c:\programdata\Apple Computer

2011-11-19 22:05 . 2011-11-19 22:05 -------- d-----w- c:\users\Brad\AppData\Local\Apple

2011-11-19 22:05 . 2011-11-19 22:05 -------- d-----w- c:\programdata\Apple

2011-11-19 21:33 . 2011-11-21 01:13 -------- d-----w- c:\users\Brad\AppData\Roaming\Mipony

2011-11-19 18:48 . 2011-11-21 10:57 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-11-19 18:48 . 2011-11-19 18:48 -------- d-----w- c:\programdata\Hitman Pro

2011-11-19 18:41 . 2011-11-19 18:41 -------- d-----w- c:\program files (x86)\GIMP-2.0

2011-11-19 18:30 . 2011-11-19 19:22 -------- d-----w- c:\program files\CPUID

2011-11-19 18:28 . 2011-11-19 18:28 -------- d-----w- c:\program files\Recuva

2011-11-19 18:27 . 2011-11-19 18:27 -------- d-----w- c:\program files\Speccy

2011-11-19 17:32 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-11-19 17:32 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-11-19 17:32 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-11-19 17:32 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-11-18 18:50 . 2011-11-23 17:29 -------- d-----w- c:\program files\CCleaner

2011-11-17 20:02 . 2011-11-17 23:01 -------- d-----w- c:\users\Brad\AppData\Roaming\TuneUp Software

2011-11-17 16:36 . 2011-11-17 16:35 74 ----a-w- c:\users\Brad\AppData\Roaming\Microsoft\Windows\SendTo\listfiles.bat

2011-11-16 22:31 . 2011-11-16 22:31 -------- d-----w- c:\users\Brad\AppData\Roaming\SUPERAntiSpyware.com

2011-11-16 22:31 . 2011-11-16 22:31 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-16 22:31 . 2011-11-16 22:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-16 22:27 . 2011-11-16 22:27 -------- d-----w- c:\program files (x86)\NirSoft

2011-11-16 20:20 . 2011-11-16 20:20 -------- d-----w- c:\program files (x86)\FileHippo.com

2011-11-16 19:01 . 2011-11-23 17:29 -------- d-----w- c:\users\Brad\AppData\Roaming\uTorrent

2011-11-16 19:01 . 2011-11-16 19:01 -------- d-----w- c:\users\Brad\AppData\Local\uTorrent

2011-11-16 18:40 . 2011-11-21 08:55 -------- d-----w- c:\users\Brad\AppData\Roaming\Systweak

2011-11-16 15:24 . 2011-11-16 15:24 -------- d-----w- c:\users\Brad\AppData\Roaming\OOo-dev

2011-11-16 15:23 . 2011-11-16 15:23 -------- d-----w- c:\program files (x86)\OOo-dev 3

2011-11-16 01:37 . 2011-11-16 01:37 -------- d-----w- c:\users\Brad\AppData\Roaming\pdfforge

2011-11-16 01:37 . 2005-04-16 00:58 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2011-11-16 01:37 . 2005-03-12 05:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll

2011-11-16 01:37 . 1998-06-24 05:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX

2011-11-16 01:37 . 2011-11-16 01:37 -------- d-----w- c:\program files (x86)\PDFCreator

2011-11-16 01:37 . 1998-07-06 05:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL

2011-11-10 14:05 . 2011-11-23 07:55 -------- d-----w- c:\windows\.jagex_cache_32

2011-11-08 18:44 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-08 18:44 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-08 18:44 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-08 18:44 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys

2011-11-07 18:52 . 2011-11-07 19:02 -------- d-----w- c:\windows\system32\drivers\NISx64

2011-11-07 11:11 . 2011-11-23 16:26 -------- d-----w- c:\program files\Windows Sidebar

2011-11-06 06:37 . 2011-11-06 06:37 -------- d-----w- c:\program files (x86)\TeamViewer

2011-11-04 22:14 . 2011-11-04 22:14 -------- d-s---w- c:\windows\SysWow64\Microsoft

2011-11-04 16:37 . 2011-11-04 16:37 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2011-11-04 16:37 . 2011-11-04 16:37 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-11-04 16:36 . 2011-11-04 16:36 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

2011-11-03 00:08 . 2011-11-03 00:10 -------- d-----w- c:\users\Brad\AppData\Roaming\gtk-2.0

2011-11-02 20:31 . 2011-11-02 20:31 33920 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys

2011-11-01 17:12 . 2011-10-20 16:11 24984 ----a-w- c:\windows\SysWow64\drivers\BC.sys

2011-11-01 14:26 . 2011-11-21 08:55 -------- d-----w- c:\programdata\Systweak

2011-11-01 13:25 . 2011-11-01 13:25 -------- d-----w- c:\users\Brad\jagexcache1

2011-10-31 21:46 . 2011-10-31 21:46 -------- d-----w- c:\windows\system32\W7NBC

2011-10-30 22:45 . 2011-10-30 22:45 96338 ----a-w- c:\programdata\1320014648.bdinstall.bin

2011-10-30 22:40 . 2011-10-30 22:40 199793 ----a-w- c:\programdata\1320014130.bdinstall.bin

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-14 17:46 . 2011-06-09 23:25 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-06 01:51 . 2011-08-09 22:30 6656 ----a-w- c:\windows\system32\lpcio.dll

2011-10-20 03:10 . 2011-09-08 20:33 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2011-10-19 18:05 . 2011-08-05 23:25 627600 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-13 20:53 . 2011-10-13 20:53 66560 ----a-w- c:\windows\system32\OpenVideo64.dll

2011-10-13 20:53 . 2011-10-13 20:53 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2011-10-13 20:53 . 2011-10-13 20:53 66560 ----a-w- c:\windows\system32\OVDecoder64.dll

2011-10-13 20:53 . 2011-10-13 20:53 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll

2011-10-13 20:52 . 2011-10-13 20:52 16991744 ----a-w- c:\windows\system32\amdocl64.dll

2011-10-13 20:52 . 2011-10-13 20:52 13950976 ----a-w- c:\windows\SysWow64\amdocl.dll

2011-10-13 20:51 . 2011-10-13 20:51 51200 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-13 20:51 . 2011-10-13 20:51 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-10-13 20:16 . 2009-08-22 02:37 5041664 ----a-w- c:\windows\system32\atidxx64.dll

2011-10-03 08:06 . 2010-05-18 17:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-27 03:32 . 2011-09-27 03:32 111408 ----a-w- c:\windows\system32\drivers\35247947.sys

2011-09-21 12:00 . 2011-10-13 04:40 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFF1F55F-8E47-4CA2-A447-82CA69052051}\mpengine.dll

2011-09-20 02:54 . 2011-09-20 02:54 108656 ----a-w- c:\windows\system32\drivers\L1C62x64.sys

2011-09-18 20:58 . 2010-06-24 14:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-09-10 13:43 . 2011-09-10 13:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-09-10 13:42 . 2011-09-10 13:42 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-09-10 13:42 . 2011-09-10 13:42 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-09-06 21:45 . 2011-10-19 20:24 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 21:45 . 2011-10-19 20:24 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-09-01 14:15 . 2011-09-01 14:15 553280 ----a-w- c:\windows\system32\drivers\avckf.sys

2011-09-01 05:24 . 2011-10-12 09:02 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 05:17 . 2011-10-12 09:02 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 05:12 . 2011-10-12 09:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-01 02:35 . 2011-10-12 09:02 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-09-01 02:28 . 2011-10-12 09:02 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-09-01 02:22 . 2011-10-12 09:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-08-31 22:12 . 2009-08-22 01:50 1698408 ----a-w- c:\windows\RtlExUpd.dll

2011-08-31 21:00 . 2010-10-29 18:25 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-27 05:37 . 2011-10-12 09:00 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 05:37 . 2011-10-12 09:00 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 04:26 . 2011-10-12 09:00 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:26 . 2011-10-12 09:00 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-23_18.37.35 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-11-23 18:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-11-24 01:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-11-24 01:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-11-23 18:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-11-23 18:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-24 01:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2011-11-24 02:25 72864 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-11-23 18:40 72864 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-12-27 20:51 . 2011-11-24 02:25 51502 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1897117093-3640443674-392562110-1001_UserData.bin

- 2011-11-23 18:36 . 2011-11-23 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-24 01:40 . 2011-11-24 02:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-24 01:40 . 2011-11-24 02:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-23 18:36 . 2011-11-23 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-08-22 02:34 . 2011-11-24 01:44 100268 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2011-10-30 14:02 . 2011-11-23 22:45 649456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-10-30 14:02 . 2011-11-23 18:34 649456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-09-09 00:06 . 2011-11-23 22:45 353220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-09-09 00:06 . 2011-11-23 18:34 353220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-09-09 00:06 . 2011-11-23 22:45 17675004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1897117093-3640443674-392562110-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files (x86)\launch manager\lmanager.exe" [2009-07-27 1157128]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-13 343168]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableStatusMessages"= 1 (0x1)

"DisableStartupSound"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThumbnailCache"= 1 (0x1)

"DisableThumbnailsOnNetworkFolders"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R0 cjxtpv;cjxtpv; [x]

R0 nckkof;nckkof; [x]

R0 tvelms;tvelms; [x]

R1 aswSnx;aswSnx; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]

R3 EraserUtilDrv11113;EraserUtilDrv11113;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]

R3 ksfmonsys;ksfmonsys;c:\program files (x86)\Kingsoft\PCDoctor\ksfmonsys64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver; [x]

R3 SASENUM;SASENUM; [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

R4 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2011-08-26 35256]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-13 361984]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-08-06 844320]

S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2011-01-03 9216]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]

S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]

S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-04-08 149544]

S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-04-08 148008]

S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-04-08 205352]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 22:10]

.

2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 22:10]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1897117093-3640443674-392562110-1001Core.job

- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-19 21:58]

.

2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1897117093-3640443674-392562110-1001UA.job

- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-19 21:58]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 21:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer ePower Management"="c:\program files\emachines\emachines power management\epowertray.exe" [2009-08-06 828960]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

.

ComodoFix.zip

Posted

ComboFix (PART2)

 

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1 142.177.2.130

TCP: Interfaces\{4F96B375-E0BA-4CB3-8D4D-369D9686818A}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{7EA15B26-1C81-4787-8908-863F775EAAAF}: NameServer = 8.26.56.26,156.154.70.22

FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\ym3u2kcs.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs

*/

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1321757050

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1321757290

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1321757170

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1321817882

FF - user.js: browser.blink_allowed - false

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.download.dir - c:\\Users\\Brad\\Downloads

FF - user.js: browser.download.lastDir - c:\\Users\\Brad\\Desktop

FF - user.js: browser.download.useDownloadDir - false

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.preferences.advanced.selectedTabIndex - 0

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.startup.homepage - hxxp://www.google.ca/

FF - user.js: browser.startup.homepage_override.buildID - 20111104165243

FF - user.js: browser.startup.homepage_override.mstone - rv:8.0

FF - user.js: browser.syncPromoViewsLeft - 0

FF - user.js: browser.tabs.warnOnClose - false

FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.8.0

FF - user.js: config.trim_on_minimize - false

FF - user.js: extensions.adblockplus.currentVersion - 1.3.10

FF - user.js: extensions.blocklist.pingCountTotal - 3

FF - user.js: extensions.blocklist.pingCountVersion - 3

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 6

FF - user.js: extensions.enabledAddons - SkipScreen@SkipScreen:0.6.1.2,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107,{972ce4c6-7e08-4474-a285-3208198ce6fd}:8.0

FF - user.js: extensions.installCache - [{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1321580143394}}},{\name\:\app-profile\,\addons\:{\SkipScreen@SkipScreen\:{\descriptor\:\c:\\\\Users\\\\Brad\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ym3u2kcs.default\\\\extensions\\\\SkipScreen@SkipScreen.xpi\,\mtime\:1321580339478},\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\:{\descriptor\:\c:\\\\Users\\\\Brad\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ym3u2kcs.default\\\\extensions\\\\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\,\mtime\:1321587790256},\{c0c588b6-b11d-4898-af00-079fed05aa32}\:{\descriptor\:\c:\\\\Users\\\\Brad\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ym3u2kcs.default\\\\extensions\\\\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi\,\mtime\:1321643858397},\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\c:\\\\Users\\\\Brad\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ym3u2kcs.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1321580339525}}}]

FF - user.js: extensions.lastAppVersion - 8.0

FF - user.js: extensions.lastPlatformVersion - 8.0

FF - user.js: extensions.pendingOperations - false

FF - user.js: extensions.shownSelectionUI - true

FF - user.js: extensions.skipscreen.firstrun - false

FF - user.js: extensions.skipscreen.firstskipdate - Thu Nov 17 2011 21:39 GMT-0400 (Atlantic Standard Time)

FF - user.js: extensions.skipscreen.hostMatchStr - hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|http://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|http://(www.)*digg.com/(.{5}|.{6})$|http://www.divshare.com/.*|http://(www.)*filesonic.com/file/.*|http://www.filestube.com/(.*?/details.html|[a-z0-9A-Z]{20}.*)|http://(www.)*hotfile.com/dl/.*|http://(www.)*letitbit.net/download(/.*|[0-9].php)|http://(www.)*limelinx.com/files/.*|http://(([a-zA-Z0-9]){6}.)*link-protector.com/.*|http://lix.in.*|http://(www.)*mediafire.com/(download.php|file)|http://(www.)*mediafire.com/?.*|http://(www.)*megaporn.com/?.*|http://(www.)*megashare.com/.*|http://(www.)*megashares.com/.*|http://(www.)*megaupload.com/?.*|http://(www.)*multiupload.com/?.*|https?://(www.)*rapidshare.com/(files/|#!download).*|http://(www.)*remixshare.com/(download|dl|container)/.*|http://www.sendspace.com/.*|http://sharebee.com/.*|http://(www.)*storage.to/get/.*|http://uploaded.to/file/.*|http://uploaded.to/?view.*|http://uploading.com/files/(get/)*[a-z0-9A-Z]{8}/.*|http://(www.)*vip-file.com/downloadl/.*|http://(www.)*zshare.net/(download|audio)/.*

FF - user.js: extensions.skipscreen.version - 0.6.1.2

FF - user.js: extensions.ui.lastCategory - addons://list/theme

FF - user.js: extensions.ui.locale.hidden - true

FF - user.js: font.internaluseonly.changed - false

FF - user.js: idle.lastDailyNotification - 1321827284

FF - user.js: intl.charsetmenu.browser.cache - UTF-16, windows-1252, ISO-8859-15, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: network.dns.disableIPv6 - true

FF - user.js: network.dnsCacheEntries - 200

FF - user.js: network.dnsCacheExpiration - 240

FF - user.js: network.http.connect.timeout - 60

FF - user.js: network.http.keep-alive.timeout - 300

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 12

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: places.database.lastMaintenance - 1321827284

FF - user.js: places.history.expiration.transient_current_max_pages - 37498

FF - user.js: pref.browser.homepage.disable_button.current_page - false

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: services.sync.clients.lastSync - 0

FF - user.js: services.sync.clients.lastSyncLocal - 0

FF - user.js: services.sync.migrated - true

FF - user.js: services.sync.tabs.lastSync - 0

FF - user.js: services.sync.tabs.lastSyncLocal - 0

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1321581736

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1324172165

FF - user.js: weboftrust.automatic_updates - false

FF - user.js: weboftrust.cookie_updated - 1321835304103

FF - user.js: weboftrust.extension_id - 5cce0b2091356b76ac3b01ce33b2e111a03ee5e9

FF - user.js: weboftrust.firstrun_guide - 2

FF - user.js: weboftrust.last_message - 20110214

FF - user.js: weboftrust.last_version - 20111107


FF - user.js: weboftrust.search.searchcom.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*search\\.com\\/search(\\\\?|\\/).+

FF - user.js: weboftrust.search.seznam.display - Seznam

FF - user.js: weboftrust.search.seznam.ign - ^http(s)?\\:\\/\\/(.+\\.)?(seznam|sklik)\\.cz\\/

FF - user.js: weboftrust.search.seznam.pre0.match - 3

FF - user.js: weboftrust.search.seznam.pre0.re - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)?sklik\\.cz\\/click.*url=([^&]+)

FF - user.js: weboftrust.search.seznam.prestyle - .limiter > a ~ [ATTR], .hintImage a ~ [ATTR] { display: none ! important; } [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.seznam.style - .result a ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.seznam.url - ^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/

FF - user.js: weboftrust.search.twitter.display - Twitter

FF - user.js: weboftrust.search.twitter.dynamic - 1

FF - user.js: weboftrust.search.twitter.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*twitter\\.com\\/

FF - user.js: weboftrust.search.twitter.prestyle - .meta a ~ [ATTR] { display: none ! important; } [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.twitter.style - #content a ~ [ATTR=\NAME\], .tweet-text a ~ [ATTR=\NAME\], .message-content a ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; padding-top: 1px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.twitter.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*twitter\\.com\\/

FF - user.js: weboftrust.search.twitter.urlign - ^http(s)?\\:\\/\\/platform\\.twitter\\.com\\/widgets\\/

FF - user.js: weboftrust.search.vkontakte.display - VKontakte

FF - user.js: weboftrust.search.vkontakte.dynamic - 1

FF - user.js: weboftrust.search.vkontakte.ign - ^http(s)?\\:\\/\\/(.+\\.)?(vk\\.com|vkontakte\\.ru)\\/

FF - user.js: weboftrust.search.vkontakte.match0.attribute0.flags - n

FF - user.js: weboftrust.search.vkontakte.match0.attribute0.name - class

FF - user.js: weboftrust.search.vkontakte.match0.attribute0.re - editor_body

FF - user.js: weboftrust.search.vkontakte.match0.element - body

FF - user.js: weboftrust.search.vkontakte.pre0.match - 5

FF - user.js: weboftrust.search.vkontakte.pre0.re - http(s)?\\:\\/\\/(vk\\.com|vkontakte\\.ru)\\/away\\.php\\?.*(to)(=|%3D)(https?(\\:|%3A)[^&]+)(&.*)?

FF - user.js: weboftrust.search.vkontakte.style - #content a ~ [ATTR=NAME], #pv_box a ~ [ATTR=NAME], #wk_box a ~ [ATTR=NAME], a.lnk ~ [ATTR=NAME] { background: url(IMAGE) right no-repeat; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.vkontakte.url - ^http(s)?\\:\\/\\/(vkontakte\\.ru|vk\\.com)\\/

FF - user.js: weboftrust.search.webde.display - WEB.DE

FF - user.js: weboftrust.search.webde.ign - ^http(s)?\\:\\/\\/(.+\\.)?web\\.de\\/

FF - user.js: weboftrust.search.webde.pre0.match - 9

FF - user.js: weboftrust.search.webde.pre0.re - ^http(s)?\\:\\/\\/(([\\w\\-]+\\.)?google\\.(com?\\.[a-z]{2}|[a-z]{2,})|([\\w\\-]+\\.)*start3\\.mozilla\\.com)\\/(url|pagead|interstitial|aclk|product_url).*\\\\?.*(q|adurl|url)(=|%3D)(https?(\\:|%3A)[^&]+)(&.*)?

FF - user.js: weboftrust.search.webde.prestyle - [ATTR] { position: absolute; visibility: hidden; } .sponsoredLink a { display: inline ! important; }

FF - user.js: weboftrust.search.webde.style - .resultContent h3 a ~ [ATTR=\NAME\], .sponsoredLink h3 a ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.webde.url - ^http(s)?\\:\\/\\/suche\\.web\\.de\\/search\\/(web|dir)

FF - user.js: weboftrust.search.wikipedia.display - Wikipedia

FF - user.js: weboftrust.search.wikipedia.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*(wik(ipedia|ibooks|inews|imedia(foundation)?|iquote|isource|tionary|iversity)|mediawiki)\\.org\\/

FF - user.js: weboftrust.search.wikipedia.prestyle - [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.wikipedia.style - #bodyContent a ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat ! important; margin-left: 4px ! important; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.wikipedia.url - ^http(s)?\\:\\/\\/.+\\.wiki(pedia|news)\\.org\\/

FF - user.js: weboftrust.search.wikipedia.urlign - \\/w\\/extensions\\/|&action=(edit|submit)

FF - user.js: weboftrust.search.yahoo.display - Yahoo!

FF - user.js: weboftrust.search.yahoo.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yahoo\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/|^http(s)?\\:\\/\\/.+\\/search\\/cache\\\\?

FF - user.js: weboftrust.search.yahoo.pre0.match - 4

FF - user.js: weboftrust.search.yahoo.pre0.re - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yahoo\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/.+\\*\\*http.+yahoo\\.[a-z]{2,}.+fu=(http.+)

FF - user.js: weboftrust.search.yahoo.pre1.match - 4

FF - user.js: weboftrust.search.yahoo.pre1.re - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yahoo\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/.+\\*\\*(http.+)

FF - user.js: weboftrust.search.yahoo.pre2.match - 4

FF - user.js: weboftrust.search.yahoo.pre2.re - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yahoo\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/click\\\\?u=(http.+)

FF - user.js: weboftrust.search.yahoo.prestyle - .bbox [ATTR], .right [ATTR] { display: none ! important; } [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.yahoo.style - a.yschttl ~ [ATTR=\NAME\], .active a ~ [ATTR=\NAME\], .hd h3 a ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; padding-top: 1px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.yahoo.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yahoo\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/search[;\\\\?].+

FF - user.js: weboftrust.search.yahoomail.display - Yahoo! Mail

FF - user.js: weboftrust.search.yahoomail.dynamic - 1

FF - user.js: weboftrust.search.yahoomail.ign - ^http(s)?\\:\\/\\/([\\w\\-]*\\.)*(yahoo\\.(com|net)|ymailupdates\\.com)\\/

FF - user.js: weboftrust.search.yahoomail.match0.condition - or

FF - user.js: weboftrust.search.yahoomail.match0.match0.attribute0.name - class

FF - user.js: weboftrust.search.yahoomail.match0.match0.attribute0.re - msg-body

FF - user.js: weboftrust.search.yahoomail.match0.match0.element - div

FF - user.js: weboftrust.search.yahoomail.match0.match1.attribute0.name - id

FF - user.js: weboftrust.search.yahoomail.match0.match1.attribute0.re - ^(messageAreaIframe|ViewArea_.*)$

FF - user.js: weboftrust.search.yahoomail.match0.match1.element - $frame

FF - user.js: weboftrust.search.yahoomail.prestyle - [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.yahoomail.style - a ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 4px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.yahoomail.url - ^http(s)?\\:\\/\\/([\\w\\-]*\\.)*mail\\.yahoo\\.(com|net)\\/(dc|neo|om\\/api)\\/

FF - user.js: weboftrust.search.yandex.display - Yandex

FF - user.js: weboftrust.search.yandex.ign - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yandex\\.([a-z]{2,}|com\\.[a-z]{2})\\/

FF - user.js: weboftrust.search.yandex.prestyle - .redirect [ATTR], .show-player ~ [ATTR], .moreInfo [ATTR], .l-head [ATTR] { display: none ! important; } [ATTR] { position: absolute; visibility: hidden; }

FF - user.js: weboftrust.search.yandex.style - .b-serp-item__title-link ~ [ATTR=\NAME\], .b-serp-item__title__link ~ [ATTR=\NAME\], .agp ~ [ATTR=\NAME\], .title ~ [ATTR=\NAME\], .domain ~ [ATTR=\NAME\] { background: url(IMAGE) right no-repeat; margin-left: 0px; margin-right: 4px; position: relative; visibility: visible; }

FF - user.js: weboftrust.search.yandex.url - ^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yandex\\.(ru|com|com\\.tr|ua|kz|by)\\/(yand|family|school)?search\\\\?.+

FF - user.js: weboftrust.shared.1 - 4sq.com,abcn.ws,aol.it,apne.ws,bbc.in,bzfd.it,clck.ru,cs.pn,d3w.io,dlvr.it,eca.sh,engt.co,es.pn,exm.nr,f.ast.ly,fa.by,flpbd.it,gd.is,ht.ly,huff.to,ind.pn,is.gd,j.mp,lat.ms,lnkd.in,migre.me,n.pr,nblo.gs,nyr.kr,nyti.ms,on.cnn.com,on.mash.to,on.msnbc.com,ow.ly,pep.si,ping.fm,politi.co,post.ly,rww.to,su.pr,t.co,tcrn.ch,tgr.ph,thkpr.gs,tiny.ly,tinyurl.com,tl.gd,tldr.us,tr.im,twitter.com,usat.me,wapo.st,wp.me,x.co,yhoo.it

FF - user.js: weboftrust.shared.2 - bit.ly,bitly.com,goo.gl,gu.com,sites.google.com

FF - user.js: weboftrust.show_rating_frame - false

FF - user.js: weboftrust.status_level - c0a90e52b9eb578d70e9cc9c0aa2fedfc89c9647

FF - user.js: weboftrust.update_checked - 1321825588322

FF - user.js: weboftrust.witness_id - 3b6f343831d7ec0b92f1e3819778eb41e6aed35f

FF - user.js: weboftrust.witness_key - 009183b09cb96501c2d17145c773303fbfc45ce8

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:2a,95,1f,96,60,4d,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,0c,1d,bc,b0,0a,13,4e,bc,b1,3d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,0c,1d,bc,b0,0a,13,4e,bc,b1,3d,\

.

[HKEY_USERS\S-1-5-21-1897117093-3640443674-392562110-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (S-1-5-21-1897117093-3640443674-392562110-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromiumHTML"

.

[HKEY_USERS\S-1-5-21-1897117093-3640443674-392562110-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (S-1-5-21-1897117093-3640443674-392562110-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromiumHTML"

.

[HKEY_USERS\S-1-5-21-1897117093-3640443674-392562110-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (S-1-5-21-1897117093-3640443674-392562110-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromiumHTML"

.

[HKEY_USERS\S-1-5-21-1897117093-3640443674-392562110-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-1897117093-3640443674-392562110-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (S-1-5-21-1897117093-3640443674-392562110-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromiumHTML"

.

[HKEY_USERS\S-1-5-21-1897117093-3640443674-392562110-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (S-1-5-21-1897117093-3640443674-392562110-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromiumHTML"

.

[HKEY_USERS\S-1-5-21-1897117093-3640443674-392562110-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

.

**************************************************************************

.

Completion time: 2011-11-23 22:29:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-24 02:29

.

Pre-Run: 106,472,185,856 bytes free

Post-Run: 106,416,128,000 bytes free

.

- - End Of File - - 0062B6BD516823D9E550E6172792D127

Posted

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Posted

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows 7 Home Edition (6.1.7601) Service Pack 1

[32_bits] - AMD64 Family 15 Model 124 Stepping 2, AuthenticAMD

.

[wscsvc] STOPPED (state:1) : Security Center -> Disabled !

[MpsSvc] RUNNING (state:4)

Windows Firewall -> Enabled

Windows Defender -> Disabled !

User Account Control (UAC) -> Disabled !

.

Internet Explorer 9.0.8112.16421

Mozilla Firefox 8.0 (en-GB)

.

C:\ [Fixed-NTFS] .. ( Total:136 Go - Free:90 Go )

D:\ [CD_Rom]

E:\ [CD_Rom]

F:\ [CD_Rom]

.

Scan : 12:08.35

Path : C:\Users\Brad\Desktop\Rooter.exe

User : Brad ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

Locked System (4)

______ ???�?????? (380)

______ ???�?????? (588)

______ ???�?????? (656)

______ ???�?????? (664)

______ ???�?????? (700)

______ ???�?????? (760)

______ ???�?????? (768)

______ ???�?????? (776)

______ ???�?????? (864)

______ ???�?????? (948)

______ ???�?????? (544)

______ ???�?????? (580)

______ ???�?????? (748)

Locked audiodg.exe (1060)

______ ???�?????? (1104)

______ ???�?????? (1204)

______ ???�?????? (1348)

______ ???�?????? (1356)

______ ???�?????? (1448)

______ ???�?????? (1600)

______ C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (1768)

______ ???�?????? (1876)

______ ???�?????? (2028)

______ ???�?????? (2036)

______ ???�?????? (1620)

______ ???�?????? (1028)

______ ???�?????? (1832)

______ ???�?????? (1388)

______ ???�?????? (2180)

______ ???�?????? (2328)

______ ???�?????? (2828)

______ ???�?????? (2836)

______ ???�?????? (3000)

______ ???�?????? (2380)

______ C:\Program Files (x86)\Launch Manager\LManager.exe (1736)

______ C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (2628)

______ C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (2592)

______ ???�?????? (2652)

______ ???�?????? (3332)

______ ???�?????? (3584)

______ ???�?????? (3180)

______ ???�?????? (812)

______ ???�?????? (2200)

______ ???�?????? (2504)

______ ???�?????? (1676)

______ ???�?????? (2888)

______ C:\Users\Brad\Desktop\Rooter.exe (3724)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:12888981504)

\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:12889013760 | Length:106928640)

\Device\Harddisk0\Partition3 (Start_Offset:12995942400 | Length:147044894720)

.

----------------------\\ Scheduled Tasks

.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1897117093-3640443674-392562110-1001Core.job

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1897117093-3640443674-392562110-1001UA.job

C:\Windows\Tasks\SA.DAT

C:\Windows\Tasks\SCHEDLGU.TXT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 12:08.42

.

C:\Rooter$\Rooter_1.txt - (25/11/2011 | 12:08.42)

Rooter.txt

Posted

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Posted

Hi TRY... glad you came back!!

 

Your machine is still not clean. I bet you've noticed it's running better though.

 

Q. Have you been using the machine since your last post here? And if so, have you made any alterations to it (software changes) or been surfing/using questionable sites?

 

If you have... then please run a new dds log and attach it here.

 

Wait for Dave, as he is handling your issues!!

 

 

Sincerely

-Mel:-D

Posted

Save these instructions so you can have access to them while in Safe Mode.

 

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors
  • My Computer
  • Also any other drives (removable ones that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

 

Note: This tool will self uninstall when you close it so please save the log before closing it.

Posted

That looks good. How's the computer running? One more scan, if you please.

 

Let's run a few more scans to see what turns up.

 

Please download aswMBR.exe ( 511KB ) to your desktop.

 

Double click the aswMBR.exe to run it

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg

 

Click the "Scan" button to start scan

 

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png

 

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

Posted

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-12-03 14:06:31

-----------------------------

14:06:31.829 OS Version: Windows x64 6.1.7601 Service Pack 1

14:06:31.829 Number of processors: 1 586 0x7C02

14:06:31.829 ComputerName: BRAD-PC UserName: Brad

14:06:32.859 Initialize success

14:06:49.561 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f

14:06:49.561 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 11

14:06:51.589 Disk 0 MBR read successfully

14:06:51.589 Disk 0 MBR scan

14:06:51.589 Disk 0 Windows 7 default MBR code

14:06:51.589 Service scanning

14:06:52.618 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

14:06:53.554 Modules scanning

14:06:53.554 Disk 0 trace - called modules:

14:06:53.601 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys

14:06:53.601 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002668060]

14:06:53.601 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8002663040]

14:06:53.617 5 amd_xata.sys[fffff880010efb3f] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa8002657060]

14:06:53.617 Scan finished successfully

14:07:11.978 Disk 0 MBR has been saved successfully to "C:\Users\Brad\Desktop\MBR.dat"

14:07:12.149 The log file has been saved successfully to "C:\Users\Brad\Desktop\aswMBR.txt"

aswMBR.txt

Archived

This topic is now archived and is closed to further replies.
