Virus? I don't know...


Shorte85

Thread Starter
I don't mean to double post; however, I just wanted to let you know that I don't know if this is the ieploxer.exe (Internet Explorer) virus that I have been seeing a few posts about on this board. The strange thing is that I don't use IE, I use Firefox, so I am not sure how or why. But every time the window pops up and says it's doing a scan and whatnot, it opens up every time in an IE browser. I'm not sure if you've seen the screenshot in my first post or not. But I'm clueless as to what this is.

I don't know, I am just glad I have someone taking time out of their lives to help me with this because it is definitely driving me nuts. lol
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
HijackThis isn't showing the entries. It has trouble with 64-bit computers.
Let's deal with it this way.
Download OTScanIt.exe to your Desktop
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Double-click on OTS.exe to start the program.
  • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
 

Shorte85

Thread Starter
Here is the log, and I don't think avast intervened with the scan because nothing popped up or anything. Here's the log:

Code:
OTS logfile created on: 12/27/2010 5:17:42 PM - Run 2
OTS by OldTimer - Version 3.1.40.1     Folder = C:\Users\Latour\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.53 Gb Total Space | 177.02 Gb Free Space | 61.78% Space Free | Partition Type: NTFS
Drive D: | 11.56 Gb Total Space | 1.54 Gb Free Space | 13.35% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 24.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1.95 Gb Total Space | 1.81 Gb Free Space | 92.94% Space Free | Partition Type: FAT
 
Computer Name: LATOUR-PC
Current User Name: Latour
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Latour\Desktop\OTS.exe -> [2010/12/27 17:15:25 | 000,642,048 | ---- | M] (OldTimer Tools)
wdfme.exe -> C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -> [2010/09/08 09:45:10 | 001,034,752 | ---- | M] ()
avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software)
avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software)
crossloopservice.exe -> C:\Users\Latour\AppData\Local\CrossLoop\CrossLoopService.exe -> [2010/08/17 18:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc)
lightshot.exe -> C:\Users\Latour\AppData\Local\Skillbrains\lightshot\1.3.0.25\Lightshot.exe -> [2010/01/05 14:54:14 | 000,546,816 | ---- | M] (Skillbrains)
hpbtnsrv.exe -> c:\hp\HPEZBTN\HPBtnSrv.exe -> [2007/05/29 17:19:06 | 000,198,240 | ---- | M] ()
hpsysdrv.exe -> C:\hp\support\hpsysdrv.exe -> [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company)
 
[Modules - Safe List]
ots.exe -> C:\Users\Latour\Desktop\OTS.exe -> [2010/12/27 17:15:25 | 000,642,048 | ---- | M] (OldTimer Tools)
sahook.dll -> c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll -> [2010/12/09 14:20:40 | 000,018,176 | ---- | M] (McAfee, Inc.)
comctl32.dll -> C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
64bit-(WDDMService)  [Auto | Running] -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -> [2010/09/08 09:42:42 | 000,288,256 | ---- | M] (WDC)
64bit-(avast! Web Scanner)  [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software)
64bit-(avast! Mail Scanner)  [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software)
64bit-(avast! Antivirus)  [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software)
64bit-(WinDefend)  [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation)
64bit-(TabletService)  [Auto | Running] -> C:\Windows\SysNative\Tablet.exe -> [2007/03/30 17:06:22 | 001,574,448 | ---- | M] (Wacom Technology, Corp.)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -> [2010/11/24 11:07:58 | 000,101,048 | ---- | M] (McAfee, Inc.)
(WDFME) WD File Management Engine [Auto | Running] -> C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -> [2010/09/08 09:45:10 | 001,034,752 | ---- | M] ()
(WDSC) WD File Management Shadow Engine [Auto | Running] -> C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -> [2010/09/08 09:44:42 | 000,485,376 | ---- | M] ()
(CrossLoopService) CrossLoop Service [Auto | Running] -> C:\Users\Latour\AppData\Local\CrossLoop\CrossLoopService.exe -> [2010/08/17 18:26:38 | 000,560,848 | ---- | M] (CrossLoop Inc)
(tvnserver) TightVNC Server [On_Demand | Stopped] -> C:\Users\Latour\AppData\Local\CrossLoop\tvnserver.exe -> [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation)
(HPBtnSrv) HP Chasis Button Service [Auto | Running] -> c:\hp\HPEZBTN\HPBtnSrv.exe -> [2007/05/29 17:19:06 | 000,198,240 | ---- | M] ()
 
[Driver Services - Safe List]
64bit-(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -> File not found
64bit-(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -> File not found
64bit-(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\ipinip.sys -> File not found
64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software)
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation)
64bit-(wacmoumonitor) Wacom Mode Helper [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -> [2009/08/27 14:06:34 | 000,018,216 | ---- | M] (Wacom Technology)
64bit-(HTCAND64) HTC Device Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -> [2009/06/10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation)
64bit-(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\wdcsam64.sys -> [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies)
64bit-(xcbdaNtsc) ViXS Tuner Card (NTSC) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\xcbdax64.sys -> [2007/09/07 09:43:24 | 000,204,672 | ---- | M] (ViXS Systems Inc.)
64bit-(wacommousefilter) Wacom Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -> [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology)
64bit-(wacomvhid) Wacom Virtual Hid Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\wacomvhid.sys -> [2007/02/16 09:30:12 | 000,014,640 | ---- | M] (Wacom Technology)
64bit-(Ntfs) Ntfs [File_System | On_Demand | Running] -> C:\Windows\SysNative\wbem\ntfs.mof -> [2006/09/18 16:36:24 | 000,000,308 | ---- | M] ()
(SMSIVZAM5X64) SMSIVZAM5X64 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -> [2009/05/25 15:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\] > -> -> 
HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\: Main\\"Start Page" -> http://www.ask.com?o=14196&l=dis -> 
HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\: SearchURL\\"" -> http://search.yahoo.com/search?fr=mcafee&p=%s -> 
64bit-HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2010/12/07 15:42:12 | 000,306,536 | ---- | M] (McAfee, Inc.)
HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Latour\AppData\Roaming\Mozilla\FireFox\Profiles\a2dxq1z8.default\prefs.js -> 
browser.search.defaultenginename -> "Bing" ->
browser.search.defaulturl -> "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=" ->
browser.search.suggest.enabled -> false ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
extensions.enabledItems -> {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 ->
extensions.enabledItems -> {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:1.2.0 ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 ->
extensions.enabledItems -> firebug@software.joehewitt.com:1.6.0 ->
extensions.enabledItems -> {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.0 ->
extensions.enabledItems -> {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files (x86)\McAfee\SiteAdvisor [C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR] -> [2010/12/16 14:02:18 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/10 18:22:19 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/12/10 18:22:19 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions ->  -> 
HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components -> C:\Program Files (x86)\Mozilla Thunderbird\components [C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010/12/10 17:22:30 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Latour\AppData\Roaming\Mozilla\Extensions -> [2010/10/01 23:54:22 | 000,000,000 | ---D | M]
No name found   -> C:\Users\Latour\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/10/01 23:54:22 | 000,000,000 | ---D | M]
  -> C:\Users\Latour\AppData\Roaming\Mozilla\Firefox\Profiles\a2dxq1z8.default\extensions -> [2010/12/27 03:12:19 | 000,000,000 | ---D | M]
LightShot (screenshot tool)   -> C:\Users\Latour\AppData\Roaming\Mozilla\Firefox\Profiles\a2dxq1z8.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} -> [2010/12/26 17:01:01 | 000,000,000 | ---D | M]
AddThis   -> C:\Users\Latour\AppData\Roaming\Mozilla\Firefox\Profiles\a2dxq1z8.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} -> [2010/10/17 02:00:01 | 000,000,000 | ---D | M]
Zynga Toolbar   -> C:\Users\Latour\AppData\Roaming\Mozilla\Firefox\Profiles\a2dxq1z8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} -> [2010/09/24 03:43:22 | 000,000,000 | ---D | M]
FireFTP   -> C:\Users\Latour\AppData\Roaming\Mozilla\Firefox\Profiles\a2dxq1z8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} -> [2010/12/09 16:31:15 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Users\Latour\AppData\Roaming\Mozilla\Firefox\Profiles\a2dxq1z8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/12/23 18:09:28 | 000,000,000 | ---D | M]
  -> C:\Users\Latour\AppData\Roaming\Mozilla\Firefox\Profiles\a2dxq1z8.default\extensions\firebug@software.joehewitt.com -> [2010/12/01 01:27:43 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/11/17 12:39:41 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/11/17 12:39:41 | 000,000,000 | ---D | M]
< HOSTS File > ([2006/09/18 16:37:24 | 000,000,761 | ---- | M] - 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
::1             localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2010/12/07 15:42:12 | 000,306,536 | ---- | M] (McAfee, Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2010/09/23 16:14:41 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2010/12/07 15:42:12 | 000,306,536 | ---- | M] (McAfee, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\] > -> HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/03/14 20:32:34 | 000,070,912 | ---- | M] (Hewlett-Packard)
"NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008/10/16 01:03:00 | 015,853,088 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\Windows\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/10/16 01:03:00 | 000,082,464 | ---- | M] (NVIDIA Corporation)
"RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2008/03/26 08:20:32 | 006,150,656 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2010/09/24 04:15:10 | 000,040,368 | ---- | M] (Adobe Systems Incorporated)
"avast5" -> C:\Program Files\Alwil Software\Avast5\avastUI.exe ["C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui] -> [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software)
"dfg49df" -> c:\windows\mike148.exe [c:\windows\mike148.exe] -> File not found
"hpsysdrv" -> c:\hp\support\hpsysdrv.exe [c:\hp\support\hpsysdrv.exe] -> [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company)
< Run [HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\] > -> HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"LightShot" -> C:\Users\Latour\AppData\Local\Skillbrains\lightshot\LightShot.exe [C:\Users\Latour\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue] -> [2010/01/02 09:46:36 | 000,195,072 | ---- | M] ()
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000] > -> HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoAutoUpdate" ->  [1] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000] > -> HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000] > -> HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/10/14 18:44:02 | 004,280,320 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/10/14 18:44:02 | 004,280,320 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\] > -> HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\SysWow64\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/10/14 18:44:02 | 004,280,320 | ---- | M] (Google Inc.)
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\] > -> HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
facebook.com .[https] -> Trusted sites -> 
login_facebook.com [http] -> Trusted sites -> 
www_facebook.com [http] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\] > -> HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3277819695-1425591375-2426357032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
Range1 [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{AA4BDDF7-A1B1-469D-8251-5F1C82DFEC4A}\\DhcpNameServer -> 192.168.0.1   (NVIDIA nForce 10/100 Mbps Ethernet ) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{3661AFF5-1689-4BA5-892A-331FCC2E5A3D} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{3D4178D3-F20F-4A35-B159-9A09DA5526C1} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{4C716FC9-8D2B-4827-B88B-AF25192A5139} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{99EDDDD3-6E7F-406E-A6F9-B4A3B3DFC659} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{164DA46D-C3E3-470F-B3BF-DB05298865DF} -> profile=private | protocol=17 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe | 
{1F332574-3806-4683-ADA1-2CA7E0868696} -> profile=private | protocol=6 | dir=in | action=allow | name=vncviewer.exe | app=c:\users\latour\appdata\local\crossloop\vncviewer.exe | 
{27195B9E-FC74-4CF5-8009-D6AE174DFD2B} -> profile=private | protocol=6 | dir=in | action=allow | name=frostwire | app=c:\program files (x86)\frostwire\frostwire.exe | 
{28A51C33-EAA7-477B-A043-8930F8F48F4A} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{59001754-8EC2-40B3-9E06-997C0B15C55E} -> profile=private | protocol=6 | dir=in | action=allow | name=tvnserver.exe | app=c:\users\latour\appdata\local\crossloop\tvnserver.exe | 
{5D6486D0-DB20-4C92-B1E5-DCCC299FAC5D} -> profile=private | protocol=6 | dir=in | action=allow | name=dropbox | app=c:\users\latour\appdata\roaming\dropbox\bin\dropbox.exe | 
{6ECE099B-68D7-4A2E-8322-D45EDB711207} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
{7278986B-9019-480B-AEDA-A851864C65DF} -> profile=private | protocol=17 | dir=in | action=allow | name=vncviewer.exe | app=c:\users\latour\appdata\local\crossloop\vncviewer.exe | 
{85D56DB3-432E-4493-B20D-A3B1D501DA84} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{8999E3A7-FB7D-4CE7-84FF-E2F8FEEB42BC} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=c:\program files (x86)\world of warcraft\launcher.exe | 
{921670B7-8779-4652-AC40-6E4B68D68E68} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
{928F9776-22FA-417B-9F1F-EA41DCBAB8F7} -> profile=private | protocol=17 | dir=in | action=allow | name=dropbox | app=c:\users\latour\appdata\roaming\dropbox\bin\dropbox.exe | 
{98B4D8EA-849A-444E-B0E4-24B06E4D88B1} -> profile=private | protocol=6 | dir=in | action=allow | name=norton removal tool | app=c:\users\latour\appdata\local\temp\7zs50de.tmp\symnrt.exe | 
{A3DB6B6F-13E3-45AB-AF4C-DB2A4644117D} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{C18DDDEA-B891-4A93-A10F-486B2773C5C5} -> profile=private | protocol=17 | dir=in | action=allow | name=norton removal tool | app=c:\users\latour\appdata\local\temp\7zs50de.tmp\symnrt.exe | 
{CC31B54E-F751-4320-BC06-62CD4A591476} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{D25CD6FC-21AD-4893-AAEB-C98708A118A0} -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
{DCB2D1BE-F987-4DBA-8F9B-BB54581E383D} -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=c:\program files (x86)\world of warcraft\launcher.exe | 
{E6B1388C-82AE-4B23-952A-663323E5D54F} -> profile=private | protocol=17 | dir=in | action=allow | name=tvnserver.exe | app=c:\users\latour\appdata\local\crossloop\tvnserver.exe | 
TCP Query User{564C8C45-1F91-4E44-8397-CA9CF1E9F623}C:\program files (x86)\world of warcraft\blizzard downloader.exe -> profile=public | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe | 
TCP Query User{92C6F44B-5F0D-43C5-94EE-9AB44EB56BF7}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | 
TCP Query User{C0F62873-6252-4A9B-AEA0-8950C1CE22C2}C:\users\latour\appdata\local\crossloop\crossloopconnect.exe -> profile=private | protocol=6 | dir=in | action=block | name=crossloopconnect.exe | app=c:\users\latour\appdata\local\crossloop\crossloopconnect.exe | 
TCP Query User{D538F1C0-C20B-454A-80D3-C470453C4FF9}C:\users\latour\appdata\roaming\dropbox\bin\dropbox.exe -> profile=public | protocol=6 | dir=in | action=allow | name=dropbox.exe | app=c:\users\latour\appdata\roaming\dropbox\bin\dropbox.exe | 
TCP Query User{EA897892-55E1-4170-BE11-7F8662579D18}C:\users\latour\appdata\local\crossloop\crossloopconnect.exe -> profile=public | protocol=6 | dir=in | action=block | name=crossloopconnect.exe | app=c:\users\latour\appdata\local\crossloop\crossloopconnect.exe | 
UDP Query User{1C94B30E-F0A5-4434-83D2-8614FBCA33D8}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | 
UDP Query User{588FA369-7C16-45E2-8CBD-A740E1369D0A}C:\users\latour\appdata\local\crossloop\crossloopconnect.exe -> profile=private | protocol=17 | dir=in | action=block | name=crossloopconnect.exe | app=c:\users\latour\appdata\local\crossloop\crossloopconnect.exe | 
UDP Query User{C74F1433-3E95-493E-8095-5431DED97A30}C:\program files (x86)\world of warcraft\blizzard downloader.exe -> profile=public | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe | 
UDP Query User{DAA0809B-E961-4069-9713-D5FF43ED9BA8}C:\users\latour\appdata\roaming\dropbox\bin\dropbox.exe -> profile=public | protocol=17 | dir=in | action=allow | name=dropbox.exe | app=c:\users\latour\appdata\roaming\dropbox\bin\dropbox.exe | 
UDP Query User{E6CA26F5-F225-493E-B6DA-B907B70757FA}C:\users\latour\appdata\local\crossloop\crossloopconnect.exe -> profile=public | protocol=17 | dir=in | action=block | name=crossloopconnect.exe | app=c:\users\latour\appdata\local\crossloop\crossloopconnect.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/04/11 00:34:39 | 000,079,872 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
F:\autorun.inf [[autorun] | open="unlock.exe" autoplay=true | ICON="WD SmartWare\SmartWare_CD.ICO" | ] -> F:\autorun.inf [ UDF ] -> [2010/05/06 10:21:18 | 000,000,082 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Latour\Desktop\OTS.exe -> [2010/12/27 17:15:25 | 000,642,048 | ---- | C] (OldTimer Tools)
 aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2010/12/27 03:58:20 | 000,121,936 | ---- | C] (AVAST Software)
 aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2010/12/27 03:58:20 | 000,028,752 | ---- | C] (AVAST Software)
 aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2010/12/27 03:58:20 | 000,020,048 | ---- | C] (AVAST Software)
 aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2010/12/27 03:58:19 | 000,061,008 | ---- | C] (AVAST Software)
 aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2010/12/27 03:58:19 | 000,051,280 | ---- | C] (AVAST Software)
 avastSS.scr -> C:\Windows\avastSS.scr -> [2010/12/27 03:58:00 | 000,038,848 | ---- | C] (AVAST Software)
 aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2010/12/27 03:57:59 | 000,167,592 | ---- | C] (AVAST Software)
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/12/27 03:46:04 | 000,000,000 | -HSD | C]
 temp -> C:\Windows\temp -> [2010/12/27 03:34:47 | 000,000,000 | ---D | C]
 temp -> C:\Users\Latour\AppData\Local\temp -> [2010/12/27 03:34:47 | 000,000,000 | ---D | C]
 SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/12/27 03:21:37 | 000,212,480 | ---- | C] (SteelWerX)
 SWREG.exe -> C:\Windows\SWREG.exe -> [2010/12/27 02:42:02 | 000,161,792 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2010/12/27 02:42:02 | 000,136,704 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/12/27 02:42:02 | 000,031,232 | ---- | C] (NirSoft)
 ERDNT -> C:\Windows\ERDNT -> [2010/12/27 02:41:57 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2010/12/27 02:41:01 | 000,000,000 | ---D | C]
 CCleaner -> C:\Program Files\CCleaner -> [2010/12/26 21:20:00 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2010/12/26 17:03:35 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Program Files (x86)\Spybot - Search & Destroy -> [2010/12/26 17:03:35 | 000,000,000 | ---D | C]
 World of Warcraft -> C:\Program Files (x86)\World of Warcraft -> [2010/12/23 22:46:17 | 000,000,000 | ---D | C]
 Blizzard Entertainment -> C:\Program Files (x86)\Common Files\Blizzard Entertainment -> [2010/12/23 22:46:17 | 000,000,000 | ---D | C]
 Blizzard Entertainment -> C:\ProgramData\Blizzard Entertainment -> [2010/12/23 22:45:37 | 000,000,000 | ---D | C]
 Microsoft Games -> C:\Users\Latour\AppData\Local\Microsoft Games -> [2010/12/23 20:25:19 | 000,000,000 | ---D | C]
 atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2010/12/14 23:11:00 | 000,367,104 | ---- | C] (Adobe Systems Incorporated)
 atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2010/12/14 23:10:59 | 000,292,352 | ---- | C] (Adobe Systems Incorporated)
 fontsub.dll -> C:\Windows\SysNative\fontsub.dll -> [2010/12/14 23:10:59 | 000,096,256 | ---- | C] (Microsoft Corporation)
 fontsub.dll -> C:\Windows\SysWow64\fontsub.dll -> [2010/12/14 23:10:59 | 000,072,704 | ---- | C] (Microsoft Corporation)
 atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2010/12/14 23:10:59 | 000,048,128 | ---- | C] (Adobe Systems)
 atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2010/12/14 23:10:59 | 000,034,304 | ---- | C] (Adobe Systems)
 consent.exe -> C:\Windows\SysNative\consent.exe -> [2010/12/14 23:10:08 | 000,087,552 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2010/12/14 23:09:48 | 000,710,656 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2010/12/14 23:09:48 | 000,602,112 | ---- | C] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2010/12/14 23:09:48 | 000,252,416 | ---- | C] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysNative\occache.dll -> [2010/12/14 23:09:48 | 000,243,712 | ---- | C] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2010/12/14 23:09:48 | 000,173,568 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2010/12/14 23:09:48 | 000,096,768 | ---- | C] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysNative\licmgr10.dll -> [2010/12/14 23:09:48 | 000,056,832 | ---- | C] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2010/12/14 23:09:48 | 000,013,312 | ---- | C] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2010/12/14 23:09:48 | 000,012,288 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2010/12/14 23:09:47 | 001,538,560 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2010/12/14 23:09:47 | 001,469,440 | ---- | C] (Microsoft Corporation)
 html.iec -> C:\Windows\SysNative\html.iec -> [2010/12/14 23:09:47 | 000,479,232 | ---- | C] (Microsoft Corporation)
 html.iec -> C:\Windows\SysWow64\html.iec -> [2010/12/14 23:09:47 | 000,385,024 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2010/12/14 23:09:47 | 000,219,136 | ---- | C] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysWow64\occache.dll -> [2010/12/14 23:09:47 | 000,206,848 | ---- | C] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2010/12/14 23:09:47 | 000,184,320 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2010/12/14 23:09:47 | 000,164,352 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2010/12/14 23:09:47 | 000,162,816 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2010/12/14 23:09:47 | 000,133,632 | ---- | C] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2010/12/14 23:09:47 | 000,132,096 | ---- | C] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2010/12/14 23:09:47 | 000,109,056 | ---- | C] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2010/12/14 23:09:47 | 000,077,312 | ---- | C] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2010/12/14 23:09:47 | 000,072,192 | ---- | C] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2010/12/14 23:09:47 | 000,071,680 | ---- | C] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2010/12/14 23:09:47 | 000,070,656 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2010/12/14 23:09:47 | 000,066,560 | ---- | C] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2010/12/14 23:09:47 | 000,055,808 | ---- | C] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysWow64\licmgr10.dll -> [2010/12/14 23:09:47 | 000,043,520 | ---- | C] (Microsoft Corporation)
 taskschd.dll -> C:\Windows\SysNative\taskschd.dll -> [2010/12/14 23:09:20 | 000,655,872 | ---- | C] (Microsoft Corporation)
 wmicmiplugin.dll -> C:\Windows\SysNative\wmicmiplugin.dll -> [2010/12/14 23:09:20 | 000,500,224 | ---- | C] (Microsoft Corporation)
 taskcomp.dll -> C:\Windows\SysNative\taskcomp.dll -> [2010/12/14 23:09:19 | 000,410,112 | ---- | C] (Microsoft Corporation)
 taskschd.dll -> C:\Windows\SysWow64\taskschd.dll -> [2010/12/14 23:09:19 | 000,352,768 | ---- | C] (Microsoft Corporation)
 taskcomp.dll -> C:\Windows\SysWow64\taskcomp.dll -> [2010/12/14 23:09:19 | 000,270,336 | ---- | C] (Microsoft Corporation)
 taskeng.exe -> C:\Windows\SysNative\taskeng.exe -> [2010/12/14 23:09:19 | 000,267,776 | ---- | C] (Microsoft Corporation)
 Nero Micro 9.2.6 -> C:\Windows\Nero Micro 9.2.6 -> [2010/12/02 05:04:45 | 000,000,000 | ---D | C]
 MOVIES -> C:\Users\Latour\Desktop\MOVIES -> [2010/12/02 04:56:55 | 000,000,000 | ---D | C]
 twilbooks_-_www.themastibay.com -> C:\Users\Latour\Desktop\twilbooks_-_www.themastibay.com -> [2010/11/30 14:58:26 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 update-sys.job -> C:\Windows\tasks\update-sys.job -> [2010/12/27 17:20:00 | 000,000,390 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/12/27 17:19:50 | 000,003,616 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/12/27 17:19:50 | 000,003,616 | -H-- | M] ()
 OTS.exe -> C:\Users\Latour\Desktop\OTS.exe -> [2010/12/27 17:15:25 | 000,642,048 | ---- | M] (OldTimer Tools)
 update-S-1-5-21-3277819695-1425591375-2426357032-1000.job -> C:\Windows\tasks\update-S-1-5-21-3277819695-1425591375-2426357032-1000.job -> [2010/12/27 13:30:00 | 000,000,390 | ---- | M] ()
 HiJackThis.lnk -> C:\Users\Latour\Desktop\HiJackThis.lnk -> [2010/12/27 11:35:58 | 000,002,561 | ---- | M] ()
 config.nt -> C:\Windows\SysWow64\config.nt -> [2010/12/27 03:58:19 | 000,000,000 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/12/27 03:27:22 | 000,703,388 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/12/27 03:27:22 | 000,604,264 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/12/27 03:27:22 | 000,103,964 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2010/12/27 03:19:46 | 000,067,584 | --S- | M] ()
 PEV.cfxxe.png -> C:\Users\Latour\Desktop\PEV.cfxxe.png -> [2010/12/27 02:51:34 | 000,177,376 | ---- | M] ()
 Shorte85.exe -> C:\Users\Latour\Desktop\Shorte85.exe -> [2010/12/27 02:40:19 | 003,998,686 | R--- | M] ()
 LauncherProIcons-3.3.1.apk -> C:\Users\Latour\Desktop\LauncherProIcons-3.3.1.apk -> [2010/12/27 02:25:16 | 000,325,845 | ---- | M] ()
 dds.scr -> C:\Users\Latour\Desktop\dds.scr -> [2010/12/26 16:10:26 | 000,624,128 | ---- | M] ()
 Screenshot_1.png -> C:\Users\Latour\Desktop\Screenshot_1.png -> [2010/12/26 16:07:36 | 000,123,865 | ---- | M] ()
 mike148.jpg -> C:\Users\Latour\Desktop\mike148.jpg -> [2010/12/24 19:46:29 | 000,005,544 | ---- | M] ()
 virus.jpg -> C:\Users\Latour\Desktop\virus.jpg -> [2010/12/24 19:44:54 | 000,135,706 | ---- | M] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2010/12/24 18:44:33 | 000,000,258 | RHS- | M] ()
 5456456z -> C:\Windows\5456456z -> [2010/12/24 13:38:52 | 000,000,001 | ---- | M] ()
 World of Warcraft.lnk -> C:\Users\Public\Desktop\World of Warcraft.lnk -> [2010/12/23 22:51:30 | 000,000,905 | ---- | M] ()
 WOW-4.0.0.12911-enUS-Trial.exe -> C:\Users\Latour\Desktop\WOW-4.0.0.12911-enUS-Trial.exe -> [2010/12/23 22:45:13 | 032,157,120 | ---- | M] ()
 HPCeeScheduleForLatour.job -> C:\Windows\tasks\HPCeeScheduleForLatour.job -> [2010/12/23 15:46:01 | 000,000,338 | ---- | M] ()
 UserProducts.xml -> C:\Users\Latour\AppData\Local\UserProducts.xml -> [2010/12/20 17:38:16 | 000,000,547 | ---- | M] ()
 Windows Live Messenger.lnk -> C:\Users\Latour\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk -> [2010/12/15 14:03:39 | 000,002,081 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/12/15 01:16:28 | 000,378,456 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Latour\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/12/02 13:19:33 | 000,017,920 | ---- | M] ()
 
[Files - No Company Name]
 dd_vcredistMSI0EC9.txt -> C:\Users\Latour\AppData\Local\dd_vcredistMSI0EC9.txt -> [2010/12/27 03:58:07 | 000,372,364 | ---- | C] ()
 dd_vcredistUI0EC9.txt -> C:\Users\Latour\AppData\Local\dd_vcredistUI0EC9.txt -> [2010/12/27 03:58:03 | 000,012,682 | ---- | C] ()
 PEV.cfxxe.png -> C:\Users\Latour\Desktop\PEV.cfxxe.png -> [2010/12/27 02:51:34 | 000,177,376 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2010/12/27 02:42:02 | 000,256,512 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2010/12/27 02:42:02 | 000,098,816 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2010/12/27 02:42:02 | 000,089,088 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2010/12/27 02:42:02 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2010/12/27 02:42:02 | 000,068,096 | ---- | C] ()
 Shorte85.exe -> C:\Users\Latour\Desktop\Shorte85.exe -> [2010/12/27 02:39:56 | 003,998,686 | R--- | C] ()
 LauncherProIcons-3.3.1.apk -> C:\Users\Latour\Desktop\LauncherProIcons-3.3.1.apk -> [2010/12/27 02:25:16 | 000,325,845 | ---- | C] ()
 dds.scr -> C:\Users\Latour\Desktop\dds.scr -> [2010/12/26 16:10:24 | 000,624,128 | ---- | C] ()
 Screenshot_1.png -> C:\Users\Latour\Desktop\Screenshot_1.png -> [2010/12/26 16:07:32 | 000,123,865 | ---- | C] ()
 mike148.jpg -> C:\Users\Latour\Desktop\mike148.jpg -> [2010/12/24 19:46:29 | 000,005,544 | ---- | C] ()
 virus.jpg -> C:\Users\Latour\Desktop\virus.jpg -> [2010/12/24 19:44:54 | 000,135,706 | ---- | C] ()
 ntuser.pol -> C:\ProgramData\ntuser.pol -> [2010/12/24 18:44:33 | 000,000,258 | RHS- | C] ()
 5456456z -> C:\Windows\5456456z -> [2010/12/24 13:38:52 | 000,000,001 | ---- | C] ()
 World of Warcraft.lnk -> C:\Users\Public\Desktop\World of Warcraft.lnk -> [2010/12/23 22:46:17 | 000,000,905 | ---- | C] ()
 WOW-4.0.0.12911-enUS-Trial.exe -> C:\Users\Latour\Desktop\WOW-4.0.0.12911-enUS-Trial.exe -> [2010/12/23 22:42:15 | 032,157,120 | ---- | C] ()
 Windows Live Messenger.lnk -> C:\Users\Latour\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk -> [2010/12/15 14:03:39 | 000,002,081 | ---- | C] ()
 LWLLHttpsUpload2.dll -> C:\Windows\SysWow64\LWLLHttpsUpload2.dll -> [2010/10/05 11:29:20 | 000,151,552 | ---- | C] ()
 regobj.dll -> C:\Windows\SysWow64\regobj.dll -> [2010/10/05 11:29:20 | 000,040,448 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Latour\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/10/01 19:42:31 | 000,017,920 | ---- | C] ()
 EhStorAuthn.dll -> C:\Windows\SysWow64\EhStorAuthn.dll -> [2010/09/26 10:30:02 | 000,117,248 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2010/09/26 10:28:57 | 000,368,640 | ---- | C] ()
 UserProducts.xml -> C:\Users\Latour\AppData\Local\UserProducts.xml -> [2010/09/24 12:00:14 | 000,000,547 | ---- | C] ()
 updater.log -> C:\Users\Latour\AppData\Local\updater.log -> [2010/09/24 12:00:12 | 000,199,270 | ---- | C] ()
 hpzinstall.log -> C:\ProgramData\hpzinstall.log -> [2010/09/24 11:51:11 | 000,010,165 | ---- | C] ()
 dd_vcredistMSI42D2.txt -> C:\Users\Latour\AppData\Local\dd_vcredistMSI42D2.txt -> [2010/09/24 03:22:10 | 000,426,464 | ---- | C] ()
 dd_vcredistUI42D2.txt -> C:\Users\Latour\AppData\Local\dd_vcredistUI42D2.txt -> [2010/09/24 03:22:10 | 000,011,618 | ---- | C] ()
 pythoncom25.dll -> C:\Windows\SysWow64\pythoncom25.dll -> [2008/07/07 16:03:49 | 000,327,680 | ---- | C] ()
 pywintypes25.dll -> C:\Windows\SysWow64\pywintypes25.dll -> [2008/07/07 16:03:49 | 000,102,400 | ---- | C] ()
 tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 21:50:05 | 000,060,124 | ---- | C] ()
< End of report >

UPDATE: Just wanted to let you know that I ended up leaving all options other than the scan all users alone and as default. Hope that is what you wanted; if there is something missing or needing to be changed, please let me know and I'll re-run the scan. :)
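As an added illustration (this is not part of the thread and is not OTS's own code): a small Python parser for the `name -> path -> [date | size | attributes | C/M] (company)` lines in the OTS file sections above, with a triage pass that flags the kind of entry that was later removed in this thread (a tiny, extension-less file with no company name sitting directly in C:\Windows). The sample lines are copied from the posted log plus one constructed benign entry and the report footer; the triage heuristics are my own assumptions, not anything OTS does.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input in the OTS "Files/Folders" line format. The first three lines are
# copied from the OTS log posted in this thread; the fourth is a constructed
# benign entry, and the last is the report footer, which is not a file entry.
SAMPLE_LINES = [
    r" 5456456z -> C:\Windows\5456456z -> [2010/12/24 13:38:52 | 000,000,001 | ---- | M] ()",
    r" mike148.jpg -> C:\Users\Latour\Desktop\mike148.jpg -> [2010/12/24 19:46:29 | 000,005,544 | ---- | M] ()",
    r" OTS.exe -> C:\Users\Latour\Desktop\OTS.exe -> [2010/12/27 17:15:25 | 000,642,048 | ---- | C] (OldTimer Tools)",
    r" cdrom.sys -> C:\Windows\SysNative\DRIVERS\cdrom.sys -> [2009/04/11 00:34:39 | 000,079,872 | ---- | M] (Microsoft Corporation)",
    "< End of report >",
]

# One OTS file line: name -> path -> [timestamp | size | attributes | C/M] (company)
LINE_RE = re.compile(
    r"^\s*(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\)\s*$"
)


@dataclass
class FileEntry:
    name: str
    path: str
    timestamp: str
    size: int        # bytes, with OTS's thousands separators removed
    attrs: str       # e.g. "----", "-HSD", "RHS-"
    kind: str        # "C" = created-date listing, "M" = modified-date listing
    company: str     # empty string when OTS printed "()"


def parse_line(line: str) -> Optional[FileEntry]:
    """Parse one OTS file line; return None for headers, footers and blank lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return FileEntry(
        name=m["name"],
        path=m["path"],
        timestamp=m["ts"].strip(),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
    )


def parse_log(lines: List[str]) -> List[FileEntry]:
    """Parse every line that is a file entry, silently skipping everything else."""
    return [e for e in (parse_line(line) for line in lines) if e is not None]


def triage(entries: List[FileEntry]) -> List[Tuple[FileEntry, List[str]]]:
    """Flag entries worth a second look. These are heuristics (my assumptions):
    a hit is a prompt to check where the file came from, not a verdict."""
    flagged = []
    for e in entries:
        reasons = []
        # ntpath handles Windows paths correctly even when run on Linux/macOS.
        in_windows_root = ntpath.dirname(e.path).lower() == r"c:\windows"
        no_extension = ntpath.splitext(e.name)[1] == ""
        if not e.company and in_windows_root:
            reasons.append("no company name and located directly in C:\\Windows")
        if no_extension and e.size < 1024:
            reasons.append("no file extension and under 1 KB")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_log(SAMPLE_LINES)):
        print(f"{entry.path}: {'; '.join(reasons)}")
```

Run against the sample, only `C:\Windows\5456456z` is flagged (on both rules). The caveat a practitioner wants: the same posted log also lists ComboFix's helper binaries (PEV.exe, sed.exe, grep.exe, zip.exe, MBR.exe) in C:\Windows with no company name, and the first rule would flag those too. That is why a hit from this kind of scan is a reason to confirm a file's origin, not a reason to delete it.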
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Start OTS. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


Code:
[Unregister Dlls]
[Processes - Safe List]
NY -> crossloopservice.exe -> C:\Users\Latour\AppData\Local\CrossLoop\CrossLoopService.exe
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "dfg49df" -> c:\windows\mike148.exe [c:\windows\mike148.exe]
[Files/Folders - Modified Within 30 Days]
NY ->  5456456z -> C:\Windows\5456456z
[Files - No Company Name]
NY ->  5456456z -> C:\Windows\5456456z
[Empty Temp Folders]
[EmptyFlash]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
 

Shorte85

Thread Starter
Joined
Sep 17, 2010
Messages
187
After restarting the PC, this is the file that was opening:

OTS FIX LOG

All Processes Killed
[Processes - Safe List]
No active process named crossloopservice.exe was found!
C:\Users\Latour\AppData\Local\CrossLoop\CrossLoopService.exe moved successfully.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dfg49df deleted successfully.
File c:\windows\mike148.exe not found.
[Files/Folders - Modified Within 30 Days]
C:\Windows\5456456z moved successfully.
[Files - No Company Name]
File C:\Windows\5456456z not found!
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Latour
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4472316 bytes
->Java cache emptied: 4410088 bytes
->FireFox cache emptied: 112789472 bytes
->Flash cache emptied: 60419 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65907 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1625879 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 118.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Latour
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.40.1 fix logfile created on 12282010_114140

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

=======================================================================

File c:\windows\mike148.exe not found.

Now, about the file above: when the screen shot that I had provided in the first post came up, I had noticed in my Task Manager that there was a file called mike148.exe in the list. I didn't know what it was, but I figured it was associated with the iexplorer.exe that was popping up and what not. I just wanted to let you know about that.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
How is the computer now?

Are you having any problems with it now?
 

Shorte85

Thread Starter
Joined
Sep 17, 2010
Messages
187
The PC seems to be fine so far, and I don't seem to be having any of the windows that were popping up and acting as if they were scanning the PC hard drive and what not (the screen shot shown in the first post).

Is there a way to make sure that it is completely off the PC? I guess I'm anal about it because I've normally NEVER had issues like this before; this is the first time I've had a real issue with something like this happening. I don't want it to happen again. lol
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
It is as clear as I can see.

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/software_inspector/ for out-of-date and vulnerable common applications on your computer, and update whatever it suggests.

Then pay an urgent visit to Windows Update and make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place.
 

Shorte85

Thread Starter
Joined
Sep 17, 2010
Messages
187
I also wanted to ask, though I'm not sure if this is tied into it at all. I noticed that a lot of the time when I go to restart my computer, after restarting I have to manually hold the power button down until it shuts down, because it gets stuck at the blue HP screen with the options to get into the restore and what not.

For example, when I uninstalled Combofix and then selected to restart my PC, it got stuck at the blue HP start-up screen 2 times; I ended up having to do a hard shutdown by the tower. I don't know what is causing this, but it's been doing this for a little while now. Do you know what could be the cause of this?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Start a new topic in XP for that.
There could be hundreds of causes; one of the most common is damaged or defective ACPI drivers.
 

Shorte85

Thread Starter
Joined
Sep 17, 2010
Messages
187
Okay, thanks! :) I do appreciate your help with all of this.

Also, I have Vista. :)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Sorry, I meant the Vista forum. I just wasn't looking straight.
 