Google Search Results are being redirected to other websites.


  • This topic is locked
17 replies to this topic

#1 coremediawiz

  • Members
  • 17 posts

Posted 06 January 2010 - 09:07 PM

My google search results are being redirected to random websites. It seems to happen randomly, sometimes I can click a link and get to the page just fine, other times I get redirected. I've used Malwarebytes' Anti-Malware and Spybot - Search & Destroy but the problem persists after the scan and removal.

I cannot post the rootrepeal log because it does not support 64bit OS's.


DDS (Ver_09-12-01.01) - NTFSX64
Run by Alexander at 20:50:45.78 on Wed 01/06/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2639 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Users\Alexander\Desktop\install\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files (x86)\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [SoftAuto.exe] "c:\program files (x86)\creative\software update 3\SoftAuto.exe"
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\program files (x86)\roxio\roxio burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE
mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"
mRun: [ISTray] "c:\program files (x86)\spyware doctor\pctsTray.exe"
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {7D2BE7F5-637C-4122-8042-78FDE5A7A51D} = 68.237.161.12,71.243.0.12
TCP: {f088a2db-4c62-4509-b070-8c8aa76d9589} = 68.237.161.12 71.243.0.12
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files (x86)\daemon tools toolbar\DTToolbar64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\alexan~1\appdata\roaming\mozilla\firefox\profiles\z62bzfcs.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\users\alexander\appdata\roaming\mozilla\firefox\profiles\z62bzfcs.default\extensions\[email protected]\components\DTToolbarFF.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Internal security: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-1-6 218056]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-19 55280]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2009-11-20 92160]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 202752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware doctor\bdt\BDTUpdateService.exe [2010-1-6 112592]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-1-6 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2010-1-6 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2010-1-6 1141712]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2009-11-19 656624]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-12-16 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
S2 MBAMDrvService;MBAMDrvService;c:\windows\system32\drivers\mbam.sys [2010-1-6 22104]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-12-16 7408]

=============== Created Last 30 ================

2010-01-07 01:39:27 882 ----a-w- c:\windows\RegSDImport.xml
2010-01-07 01:39:27 880 ----a-w- c:\windows\RegISSImport.xml
2010-01-07 01:39:27 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-07 01:39:27 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-07 01:39:27 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-07 01:39:27 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-07 01:39:27 131 ----a-w- c:\windows\IDB.zip
2010-01-07 01:39:27 1152444 ----a-w- c:\windows\UDB.zip
2010-01-07 01:32:38 7357 ----a-w- c:\windows\system32\drivers\pctgntdi64.cat
2010-01-07 01:32:38 306648 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2010-01-07 01:32:38 132048 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2010-01-07 01:32:36 7353 ----a-w- c:\windows\system32\drivers\pctcore64.cat
2010-01-07 01:32:36 218056 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2010-01-07 01:32:31 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2010-01-07 01:32:31 7353 ----a-w- c:\windows\system32\drivers\pctplsg64.cat
2010-01-07 01:32:28 0 d-----w- c:\users\alexan~1\appdata\roaming\PC Tools
2010-01-07 01:32:28 0 d-----w- c:\programdata\PC Tools
2010-01-07 01:32:28 0 d-----w- c:\program files (x86)\Spyware Doctor
2010-01-07 01:32:28 0 d-----w- c:\program files (x86)\common files\PC Tools
2010-01-07 00:57:35 0 d---a-w- c:\programdata\TEMP
2010-01-07 00:50:02 0 d-----w- C:\fixwareout
2010-01-06 11:53:24 0 d-----w- c:\users\alexander\DoctorWeb
2010-01-06 10:47:11 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-06 10:47:05 0 d-----w- c:\users\alexan~1\appdata\roaming\SUPERAntiSpyware.com
2010-01-06 10:47:05 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2010-01-06 10:46:52 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-01-06 09:40:05 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 08:07:02 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-06 08:07:02 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-01-06 07:46:30 0 d-----w- c:\program files (x86)\TrendMicro
2010-01-04 19:17:46 0 d--h--w- c:\programdata\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2010-01-04 19:17:30 0 d--h--w- c:\programdata\{C8754401-336A-464F-9518-B1330985CE63}
2010-01-04 16:34:37 0 d-sh--w- c:\users\alexan~1\appdata\roaming\SystemProc
2010-01-03 00:47:32 0 d-----w- c:\program files (x86)\Nero
2010-01-03 00:36:13 5 ----a-w- c:\windows\syswow64\CoLe.tmp
2009-12-31 09:51:11 0 d-----w- c:\program files (x86)\MagicISO
2009-12-30 14:50:30 8192 ----a-w- c:\windows\d3dx.dat
2009-12-26 12:46:30 163840 ----a-w- c:\windows\syswow64\Updater.exe
2009-12-22 01:56:23 0 d-----w- c:\programdata\CyberLink
2009-12-17 22:29:29 0 d-----w- c:\programdata\ATI
2009-12-17 22:27:33 0 d-----w- c:\program files (x86)\ATI
2009-12-17 22:26:34 0 d-----w- c:\program files\ATI Technologies
2009-12-17 22:00:37 0 d-----w- c:\program files\ATI
2009-12-17 21:59:53 0 d-----w- C:\ATI
2009-12-15 06:07:38 0 d-----w- c:\users\alexan~1\appdata\roaming\Hoyle FaceCreator
2009-12-15 06:07:34 0 d-----w- c:\users\alexan~1\appdata\roaming\Hoyle
2009-12-15 06:05:04 0 d-----w- c:\program files (x86)\common files\Datalode
2009-12-15 06:03:49 57776 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-12-15 06:03:49 0 d-----w- c:\program files (x86)\PowerISO
2009-12-14 08:00:28 0 d-----w- c:\program files (x86)\MSXML 4.0
2009-12-13 17:13:08 1391104 ----a-w- C:\apploc.msi
2009-12-13 16:58:59 0 d-----w- c:\windows\syswow64\(18____)[091002] [ILLUSION] ___________! (iso+mds rr3%)
2009-12-13 00:28:05 0 d-----w- c:\programdata\Nero
2009-12-13 00:14:09 0 d-----w- c:\users\alexan~1\appdata\roaming\AVS4YOU
2009-12-13 00:14:08 0 d-----w- c:\programdata\AVS4YOU
2009-12-13 00:13:00 0 d-----w- c:\program files (x86)\common files\AVSMedia
2009-12-13 00:12:42 974848 ----a-w- c:\windows\syswow64\mfc70.dll
2009-12-13 00:12:42 487424 ----a-w- c:\windows\syswow64\msvcp70.dll
2009-12-13 00:12:42 344064 ----a-w- c:\windows\syswow64\msvcr70.dll
2009-12-13 00:12:42 24576 ----a-w- c:\windows\syswow64\msxml3a.dll
2009-12-13 00:12:42 1700352 ----a-w- c:\windows\syswow64\GdiPlus.dll
2009-12-13 00:12:42 0 d-----w- c:\program files (x86)\AVS4YOU
2009-12-12 17:30:23 0 d-----w- c:\program files (x86)\Encore
2009-12-10 16:07:20 0 d-----w- c:\program files (x86)\BIGBANG BEAT 1st Impression
2009-12-10 10:44:14 0 d-----w- c:\programdata\{F3D79B30-A394-4389-B080-D198DF1E6244}
2009-12-10 10:43:48 0 d-----w- c:\program files (x86)\3D Custom Girl
2009-12-09 21:40:10 0 d-----w- c:\program files (x86)\TechArts3D
2009-12-09 20:16:31 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-12-09 20:16:31 5958656 ----a-w- c:\windows\syswow64\mshtml.dll

==================== Find3M ====================

2009-12-04 02:13:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-03 23:01:24 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-03 22:41:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-11-25 03:52:14 6174720 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-25 03:18:02 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:17:52 446976 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17:16 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2009-11-25 03:15:36 421376 ----a-w- c:\windows\system32\atipdl64.dll
2009-11-25 03:15:28 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2009-11-25 03:15:14 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll
2009-11-25 03:15:06 12288 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:15:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2009-11-25 03:14:58 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2009-11-25 03:12:12 3055616 ----a-w- c:\windows\syswow64\atidxx32.dll
2009-11-25 03:04:30 3661824 ----a-w- c:\windows\system32\atidxx64.dll
2009-11-25 03:02:20 17625088 ----a-w- c:\windows\system32\atio6axx.dll
2009-11-25 02:55:58 3617792 ----a-w- c:\windows\syswow64\atiumdag.dll
2009-11-25 02:50:14 4683776 ----a-w- c:\windows\system32\atiumd64.dll
2009-11-25 02:44:56 13487616 ----a-w- c:\windows\syswow64\atioglxx.dll
2009-11-25 02:43:54 2601984 ----a-w- c:\windows\system32\atiumd6a.dll
2009-11-25 02:37:58 2899968 ----a-w- c:\windows\syswow64\atiumdva.dll
2009-11-25 02:25:46 53248 ----a-w- c:\windows\system32\atimpc64.dll
2009-11-25 02:25:46 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2009-11-25 02:25:38 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2009-11-25 02:25:38 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2009-11-25 02:25:16 312320 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:25:08 225280 ----a-w- c:\windows\syswow64\atiadlxy.dll
2009-11-25 02:21:54 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2009-11-25 02:21:52 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2009-11-25 02:21:38 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2009-11-25 02:21:36 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2009-11-25 02:21:24 4740096 ----a-w- c:\windows\system32\aticaldd64.dll
2009-11-25 02:20:26 3629056 ----a-w- c:\windows\syswow64\aticaldd.dll
2009-11-25 02:10:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-20 05:54:55 3510 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_537S.mrk
2009-11-20 04:10:53 455680 ----a-w- c:\windows\system32\deploytk.dll
2009-11-03 01:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:48:16 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 07:22:37 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-10-22 15:59:00 196565 ----a-w- c:\windows\system32\atiicdxx.dat
2009-10-11 09:17:33 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-10-11 09:17:32 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-10-11 09:17:31 145184 ----a-w- c:\windows\syswow64\java.exe
2009-10-11 09:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:51:43.30 ===============

Thank you for any help that you can provide.


#2 thcbytes

  • Members
  • 12,471 posts
  • Gender:Male

Posted 06 January 2010 - 09:53 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Spybot

It will interfere with my fixes.

Additional instructions can be found here if needed.

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Download LockSearch by jpshortstuff to your desktop
  • A window will pop up, Press 2 and then Enter.
  • A scan will start, let it run uninterrupted.
  • It should only take a few minutes.
  • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop.
    • Post the contents of the log in your reply

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* LockSearch log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html

#3 coremediawiz
  • Topic Starter

  • Members
  • 17 posts

Posted 07 January 2010 - 07:39 AM

Thank you once again for your help. I have run the scans as instructed. Here are the results:


OTL logfile created on: 1/7/2010 7:30:28 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Alexander\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 97.73 Gb Free Space | 34.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 12.24 Gb Free Space | 2.63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/07 07:15:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
PRC - [2010/01/06 15:50:37 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/30 10:40:26 | 00,341,504 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009/10/30 06:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/22 11:56:20 | 00,409,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/10/02 14:46:00 | 00,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/07 11:23:00 | 01,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 21:19:50 | 00,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 22:46:24 | 00,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/05/21 09:59:08 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/14 18:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/18 15:05:28 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/12 22:49:30 | 00,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
PRC - [2007/08/06 19:05:46 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2007/04/02 01:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/07 07:15:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
MOD - [2009/07/13 20:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/24 22:17:16 | 00,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/03/31 14:01:34 | 00,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/12/18 15:05:28 | 00,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/11/19 23:13:55 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/10/02 14:46:00 | 00,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/07/13 22:20:14 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 22:20:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 20:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 15:30:11 | 00,061,056 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 15:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/21 09:59:08 | 00,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/14 18:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/05/21 06:42:56 | 00,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/04/02 01:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/12/30 14:55:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMDrvService)
DRV:64bit: - [2009/12/03 18:01:24 | 00,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/24 22:52:14 | 06,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/30 09:34:30 | 00,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 20:52:21 | 00,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 00,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 00,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 00,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/13 20:48:04 | 00,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:48:04 | 00,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 20:47:49 | 00,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 20:47:48 | 00,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:56 | 00,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 20:45:55 | 00,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 20:45:55 | 00,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 20:45:55 | 00,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:45:46 | 00,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 20:45:45 | 00,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 20:43:14 | 00,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:43:13 | 00,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 19:17:46 | 00,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 19:16:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 19:10:24 | 00,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 19:09:26 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 19:08:13 | 00,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 19:07:21 | 00,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 19:07:13 | 00,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 19:07:00 | 00,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 19:06:52 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 19:06:28 | 00,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 19:06:24 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 19:05:37 | 00,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 19:02:08 | 00,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 19:00:34 | 00,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 19:00:13 | 00,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 18:52:39 | 00,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 18:50:17 | 00,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 18:37:18 | 00,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 18:31:06 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 18:31:03 | 00,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 18:27:17 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 18:19:25 | 00,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/09 05:00:00 | 00,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:35:42 | 00,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 03,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 00,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 00,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 00,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/06 19:21:32 | 00,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2006/11/01 13:51:00 | 00,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/12/16 16:27:00 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/13 20:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:16:19 | 00,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 20:16:02 | 00,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 16:28:14 | 00,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 16:15:18 | 00,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mbam.sys -- (MBAMDrvService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3552078225-3004815482-650139639-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3552078225-3004815482-650139639-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://g.msn.com/uscon/1 [binary data]
IE - HKU\S-1-5-21-3552078225-3004815482-650139639-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-3552078225-3004815482-650139639-1000\S-1-5-21-3552078225-3004815482-650139639-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1.0014
FF - prefs.js..extensions.enabledItems: {8CE11043-9A15-4207-A565-0C94C42D590D}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 15:50:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/06 15:50:37 | 00,000,000 | ---D | M]

[2009/12/07 10:55:50 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions
[2010/01/06 19:40:40 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\z62bzfcs.default\extensions
[2009/12/03 18:08:23 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\z62bzfcs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/03 18:03:08 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\z62bzfcs.default\extensions\[email protected]
[2009/12/03 18:03:03 | 00,002,055 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\z62bzfcs.default\searchplugins\daemon-search.xml
[2010/01/06 19:40:40 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/04 11:34:36 | 00,000,000 | ---D | M] (Internal security) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: (371323 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3552078225-3004815482-650139639-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-3552078225-3004815482-650139639-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3552078225-3004815482-650139639-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3552078225-3004815482-650139639-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3552078225-3004815482-650139639-1000..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3552078225-3004815482-650139639-1000..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3552078225-3004815482-650139639-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Value error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1bcc75b2-e060-11de-8669-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{1bcc75b2-e060-11de-8669-00256482cdde}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{1bcc75d7-e060-11de-8669-00256482cdde}\Shell - "" = AutoRun
O33 - MountPoints2\{1bcc75d7-e060-11de-8669-00256482cdde}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 22:20:14 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: Dhcp - C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: ndiscap - C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/01/07 07:15:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010/01/06 19:57:35 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/06 19:50:02 | 00,000,000 | ---D | C] -- C:\fixwareout
[2010/01/06 08:21:30 | 00,000,000 | ---D | C] -- C:\Users\Alexander\Documents\45702_files
[2010/01/06 06:53:24 | 00,000,000 | ---D | C] -- C:\Users\Alexander\DoctorWeb
[2010/01/06 05:47:11 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/06 05:47:05 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/06 05:47:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/01/06 05:46:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/01/06 04:40:05 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/06 03:07:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/06 03:07:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/01/06 02:46:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/01/04 20:03:36 | 00,000,000 | ---D | C] -- C:\Users\Alexander\Documents\tac0019-0009
[2010/01/04 14:17:56 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Creative
[2010/01/04 14:17:46 | 00,000,000 | -H-D | C] -- C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2010/01/04 14:17:30 | 00,000,000 | -H-D | C] -- C:\ProgramData\{C8754401-336A-464F-9518-B1330985CE63}
[2010/01/04 14:13:40 | 14,362,248 | ---- | C] (Creative Technology Ltd. ) -- C:\Users\Alexander\Documents\ZNCB_PCAppWin7_LA_1_17_01.exe
[2010/01/04 11:34:37 | 00,000,000 | -HSD | C] -- C:\Users\Alexander\AppData\Roaming\SystemProc
[2010/01/03 07:43:17 | 00,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\mugen100rc6
[2010/01/02 19:47:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2009/12/31 04:51:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2009/12/21 20:56:23 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\PowerDVD DX
[2009/12/21 20:56:23 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2009/12/17 17:29:29 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/12/17 17:27:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2009/12/17 17:26:34 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/12/17 17:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009/12/17 16:59:53 | 00,000,000 | ---D | C] -- C:\ATI
[2009/12/16 19:34:33 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\ElevatedDiagnostics
[2009/12/15 01:07:38 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Hoyle FaceCreator
[2009/12/15 01:07:34 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Hoyle
[2009/12/15 01:05:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Datalode
[2009/12/15 01:03:49 | 00,057,776 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2009/12/15 01:03:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2009/12/14 03:00:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2009/12/14 00:06:55 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\vlc
[2009/12/13 12:25:54 | 00,440,320 | ---- | C] (Personal) -- C:\Users\Alexander\Documents\Illusion Registry Fixer.exe
[2009/12/13 12:07:13 | 00,000,000 | ---D | C] -- C:\Users\Alexander\Documents\setup_Botsu_msi_fixed
[2009/12/13 11:58:59 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\(18____)[091002] [ILLUSION] ___________! (iso+mds rr3%)
[2009/12/12 19:34:01 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Nero
[2009/12/12 19:28:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2009/12/12 19:28:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2009/12/12 19:14:09 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\AVS4YOU
[2009/12/12 19:14:08 | 00,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2009/12/12 19:13:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2009/12/12 19:12:42 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2009/12/12 19:12:42 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2009/12/12 19:12:42 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2009/12/12 19:12:42 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2009/12/12 19:12:42 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2009/12/12 19:12:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2009/12/12 12:30:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Encore
[2009/12/11 21:01:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2009/12/11 19:00:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2009/12/10 11:07:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\BIGBANG BEAT 1st Impression
[2009/12/10 05:44:14 | 00,000,000 | ---D | C] -- C:\ProgramData\{F3D79B30-A394-4389-B080-D198DF1E6244}
[2009/12/10 05:43:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\3D Custom Girl
[2009/12/10 05:42:54 | 00,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Seven Zip
[2009/12/09 16:41:43 | 00,000,000 | ---D | C] -- C:\Users\Alexander\Documents\TechArts3D
[2009/12/09 16:40:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TechArts3D
[2009/12/09 15:16:31 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/12/09 15:16:31 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/07 07:31:08 | 06,291,456 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT
[2010/01/07 07:24:06 | 00,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 07:24:06 | 00,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 07:21:08 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/07 07:21:08 | 00,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/07 07:21:08 | 00,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/07 07:17:02 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/07 07:17:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/07 07:16:51 | 32,204,80000 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 07:16:15 | 04,382,669 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db
[2010/01/07 07:15:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010/01/06 20:31:56 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[2010/01/06 08:21:37 | 00,002,137 | ---- | M] () -- C:\Users\Alexander\Documents\45702.htm
[2010/01/06 03:26:15 | 00,371,323 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/01/04 14:31:07 | 00,024,064 | ---- | M] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/04 14:17:34 | 00,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Creative Centrale.lnk
[2010/01/04 14:16:08 | 14,362,248 | ---- | M] (Creative Technology Ltd. ) -- C:\Users\Alexander\Documents\ZNCB_PCAppWin7_LA_1_17_01.exe
[2010/01/03 15:27:36 | 31,066,1319 | ---- | M] () -- C:\Users\Alexander\Documents\tac0152-0021.zip
[2010/01/02 12:38:51 | 37,936,793 | ---- | M] () -- C:\Users\Alexander\Documents\tac0019-0009.zip
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/12/30 14:55:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/30 09:50:30 | 00,008,192 | ---- | M] () -- C:\Windows\d3dx.dat
[2009/12/26 07:46:30 | 00,163,840 | ---- | M] () -- C:\Windows\SysWow64\Updater.exe
[2009/12/19 08:32:30 | 00,037,888 | ---- | M] () -- C:\Users\Alexander\Documents\Law Term Paper.doc
[2009/12/18 12:51:33 | 00,025,600 | ---- | M] () -- C:\Users\Alexander\Documents\Music Final.doc
[2009/12/18 07:45:02 | 00,019,968 | ---- | M] () -- C:\Users\Alexander\Documents\Bibliography.doc
[2009/12/16 11:43:20 | 00,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/12/15 01:05:04 | 00,002,189 | ---- | M] () -- C:\Users\Alexander\Desktop\Hoyle Card Games 2010.lnk
[2009/12/14 00:05:27 | 00,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/12/13 12:25:15 | 00,356,710 | ---- | M] () -- C:\Users\Alexander\Documents\[Illusion][RegistryFixer] [TheShadow][V1.2].zip
[2009/12/13 12:13:09 | 01,391,104 | ---- | M] () -- C:\apploc.msi
[2009/12/13 11:23:32 | 00,112,704 | ---- | M] () -- C:\Users\Alexander\Documents\HexSubs1.3f.zip
[2009/12/13 11:22:54 | 04,097,808 | ---- | M] () -- C:\Users\Alexander\Documents\[Yuusha][Interface][English UI][ruru][1.0].7z
[2009/12/13 11:21:26 | 00,807,124 | ---- | M] () -- C:\Users\Alexander\Documents\Illusion_Wizzard_v045.zip
[2009/12/13 11:18:49 | 00,115,804 | ---- | M] () -- C:\Users\Alexander\Documents\setup_Botsu_msi_fixed.rar
[2009/12/13 11:18:45 | 00,131,875 | ---- | M] () -- C:\Users\Alexander\Documents\Setup.rar
[2009/12/11 19:00:55 | 00,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/12/08 11:27:04 | 00,025,088 | ---- | M] () -- C:\Users\Alexander\Documents\scrapbook.doc
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/06 08:21:29 | 00,002,137 | ---- | C] () -- C:\Users\Alexander\Documents\45702.htm
[2010/01/04 14:25:14 | 00,024,064 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/04 14:17:34 | 00,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Creative Centrale.lnk
[2010/01/03 14:24:32 | 31,066,1319 | ---- | C] () -- C:\Users\Alexander\Documents\tac0152-0021.zip
[2010/01/02 12:31:18 | 37,936,793 | ---- | C] () -- C:\Users\Alexander\Documents\tac0019-0009.zip
[2009/12/30 09:50:30 | 00,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/12/26 07:46:30 | 00,163,840 | ---- | C] () -- C:\Windows\SysWow64\Updater.exe
[2009/12/18 16:47:58 | 00,037,888 | ---- | C] () -- C:\Users\Alexander\Documents\Law Term Paper.doc
[2009/12/18 07:45:02 | 00,019,968 | ---- | C] () -- C:\Users\Alexander\Documents\Bibliography.doc
[2009/12/17 21:25:26 | 00,025,600 | ---- | C] () -- C:\Users\Alexander\Documents\Music Final.doc
[2009/12/15 01:05:04 | 00,002,189 | ---- | C] () -- C:\Users\Alexander\Desktop\Hoyle Card Games 2010.lnk
[2009/12/13 12:25:14 | 00,356,710 | ---- | C] () -- C:\Users\Alexander\Documents\[Illusion][RegistryFixer] [TheShadow][V1.2].zip
[2009/12/13 12:13:08 | 01,391,104 | ---- | C] () -- C:\apploc.msi
[2009/12/13 12:06:23 | 00,511,488 | ---- | C] () -- C:\Users\Alexander\Documents\setup.msi
[2009/12/13 12:06:23 | 00,001,860 | ---- | C] () -- C:\Users\Alexander\Documents\Setup.ini
[2009/12/13 11:23:31 | 00,112,704 | ---- | C] () -- C:\Users\Alexander\Documents\HexSubs1.3f.zip
[2009/12/13 11:22:43 | 04,097,808 | ---- | C] () -- C:\Users\Alexander\Documents\[Yuusha][Interface][English UI][ruru][1.0].7z
[2009/12/13 11:21:25 | 00,807,124 | ---- | C] () -- C:\Users\Alexander\Documents\Illusion_Wizzard_v045.zip
[2009/12/13 11:18:49 | 00,115,804 | ---- | C] () -- C:\Users\Alexander\Documents\setup_Botsu_msi_fixed.rar
[2009/12/13 11:18:43 | 00,131,875 | ---- | C] () -- C:\Users\Alexander\Documents\Setup.rar
[2009/12/11 19:00:55 | 00,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/12/08 11:27:04 | 00,025,088 | ---- | C] () -- C:\Users\Alexander\Documents\scrapbook.doc
[2009/12/04 17:01:53 | 00,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/04 17:01:52 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/04 17:01:52 | 00,795,648 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/04 17:01:52 | 00,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/04 17:01:52 | 00,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/04 17:01:52 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/12/03 18:16:39 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/20 01:07:19 | 00,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/20 01:07:19 | 00,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/11/16 04:48:02 | 00,909,312 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2003/11/16 04:48:00 | 01,060,864 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2003/11/15 11:54:18 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002/10/06 17:42:58 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2009/12/30 08:34:54 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\.purple
[2009/12/03 16:39:22 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\CoreCodec
[2009/12/03 18:12:08 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DAEMON Tools Lite
[2009/12/27 16:03:38 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Hoyle
[2009/12/15 01:07:38 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Hoyle FaceCreator
[2010/01/06 05:00:18 | 00,000,000 | -HSD | M] -- C:\Users\Alexander\AppData\Roaming\SystemProc
[2010/01/07 07:16:12 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 00,006,384 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/12/30 08:34:54 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\.purple
[2009/12/03 21:37:13 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Adobe
[2009/12/03 16:31:14 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ATI
[2009/12/12 19:14:09 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\AVS4YOU
[2009/12/03 16:39:22 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\CoreCodec
[2010/01/04 14:17:56 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Creative
[2009/12/03 16:36:21 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\CyberLink
[2009/12/03 18:12:08 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DAEMON Tools Lite
[2009/12/03 16:31:42 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Dell
[2009/12/27 16:03:38 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Hoyle
[2009/12/15 01:07:38 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Hoyle FaceCreator
[2009/12/03 16:30:46 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Identities
[2009/12/03 23:26:26 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\InstallShield
[2009/12/03 18:35:15 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Macromedia
[2009/12/03 16:37:41 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2009/07/14 02:44:38 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Media Center Programs
[2009/12/03 18:47:56 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Media Player Classic
[2009/12/21 20:55:29 | 00,000,000 | --SD | M] -- C:\Users\Alexander\AppData\Roaming\Microsoft
[2009/12/03 18:16:10 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Microsoft Web Folders
[2009/12/07 10:55:50 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla
[2009/12/12 19:34:44 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Nero
[2009/12/03 16:31:18 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Roxio
[2010/01/06 05:47:05 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/06 05:00:18 | 00,000,000 | -HSD | M] -- C:\Users\Alexander\AppData\Roaming\SystemProc
[2010/01/07 07:16:12 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\uTorrent
[2010/01/06 20:33:35 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\vlc
[2009/12/07 15:19:51 | 00,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010/01/06 02:46:31 | 00,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
[2009/12/16 19:06:12 | 00,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{2510CF9A-3D92-4D1E-9124-080F53F4E293}\ARPPRODUCTICON.exe
[2009/12/16 19:06:12 | 00,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{2510CF9A-3D92-4D1E-9124-080F53F4E293}\NewShortcut1_2510CF9A3D924D1E9124080F53F4E293.exe
[2009/12/13 12:15:07 | 00,029,926 | R--- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
[2009/12/13 12:15:07 | 00,029,422 | R--- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
[2009/12/13 12:22:27 | 00,002,238 | R--- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{A99C800B-C5F3-48B9-AE2F-A9BE1C553111}\ARPPRODUCTICON.exe
[2009/12/13 12:22:27 | 00,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{A99C800B-C5F3-48B9-AE2F-A9BE1C553111}\NewShortcut1_A99C800BC5F348B9AE2FA9BE1C553111_2.exe
[2009/12/17 17:26:48 | 00,010,134 | R--- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}\ARPPRODUCTICON.exe
[2009/12/18 18:24:15 | 00,002,238 | R--- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{D4DA3592-87EA-457F-A254-6C0F1F1D6F1A}\ARPPRODUCTICON.exe
[2009/12/18 18:24:15 | 00,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{D4DA3592-87EA-457F-A254-6C0F1F1D6F1A}\NewShortcut1_D4DA359287EA457FA2546C0F1F1D6F1A_2.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


OTL Extras logfile created on: 1/7/2010 7:30:28 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Alexander\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 97.73 Gb Free Space | 34.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 12.24 Gb Free Space | 2.63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEXANDER-PC
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3552078225-3004815482-650139639-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{257F446A-01ED-739C-16B8-237498DEDDDF}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{014CE100-0A6D-4E45-BC93-A867127AEAFC}" = Battle Raper 2
"{0301AC02-D87B-27E9-9429-7E4BB52D9183}" = CCC Help German
"{03ABC33C-10B1-400E-B1FA-E817FE98D11C}" = YUME MIRU KUSURI
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1350DD04-57AD-6278-3F4D-D4281EEE7C5C}" = Catalyst Control Center Graphics Full New
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A6842E0-3047-BD62-9A28-5A7743D88E2A}" = Catalyst Control Center InstallProxy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2510CF9A-3D92-4D1E-9124-080F53F4E293}" = ILLUSION @ふぉーむメイト
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{305CAF40-92F0-12ED-8B28-926B011788E4}" = CCC Help Spanish
"{34D6DE28-4FD0-9CCA-CDB4-316F7B3B30B5}" = CCC Help Portuguese
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{5089AEEE-052D-B75F-0B92-7CF981403025}" = Catalyst Control Center Graphics Light
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{52ABC760-CAFC-4FCD-A0AA-5661366199D5}" = ILLUSION SchoolMate
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{54741B98-6335-43A1-C716-25B0A3C4016C}" = Catalyst Control Center Graphics Previews Common
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B94A120-16E7-6034-7494-22285B471EDE}" = CCC Help Hungarian
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E9D082B-F681-64AB-48B4-F3EC05D3A83F}" = CCC Help Chinese Traditional
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81CB0C83-5928-3387-AB23-10EC5F767FA8}" = CCC Help Turkish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B1C55-76D0-0DA3-8C12-10596CBB15BD}" = CCC Help Italian
"{846D0802-8606-7452-85FF-A71EB1B8AD6D}" = Catalyst Control Center Localization All
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DCE118A-1F3C-B056-D2A8-F832523C357C}" = CCC Help English
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96B1A291-2654-4415-59B4-AC90D29C3E1E}" = Catalyst Control Center Core Implementation
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A968BD3-88AF-B4D0-CA9A-78F4EF9FA23B}" = CCC Help Chinese Standard
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F0B447F-7E14-4BB9-BCFE-1D5C06F7EE35}" = Artificial Girl 3
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A52D8A45-B3A1-0022-B096-A0033B03E01F}" = Catalyst Control Center Graphics Full Existing
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A99C800B-C5F3-48B9-AE2F-A9BE1C553111}" = ILLUSION 勇者からは逃げられない!
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE3BFAC5-A07A-7845-C576-0CB832E4B0AD}" = Skins
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B49744D5-04C3-4A43-A546-88231D16EF80}" = 3D Custom Girl
"{B4ECB428-6A8D-8D53-4E76-1CEE7AC4BF32}" = CCC Help French
"{B76D6D09-16D6-DF95-F7D7-2565E88B88BA}" = Catalyst Control Center Graphics Previews Vista
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{BD3E0D67-D90D-3CA6-DE34-22B56D425136}" = CCC Help Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CA31F991-DBD2-4DE1-B6D2-30105F23CBBC}" = RapeLay
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D4DA3592-87EA-457F-A254-6C0F1F1D6F1A}" = ILLUSION 箱-はこ-
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8B250A2-582A-6C80-108F-AA68E64A6F03}" = CCC Help Korean
"{FD040188-43B3-2C49-A8BF-5B0458031AED}" = ccc-core-static
"3D Custom Girl" = 3D Custom Girl
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Bazooka Cafe" = Bazooka Cafe
"burnatonce_is1" = burnatonce
"Creative Centrale" = Creative Centrale
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Fate-stay night English" = Fate/stay night English v3.2
"GoToAssist" = GoToAssist 8.0.0.514
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Hoyle Card Games 2010" = Hoyle Card Games 2010 (remove only)
"http://www.tinklebell.jp/applictions/ppexe/appid/1_is1" = 月明りのラズベリィ `つん★デれU`1.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Melty Blood Act Cadenza English" = Melty Blood: Act Cadenza English v1.1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"The Core Media Player" = The Core Media Player 4.0
"VLC media player" = VLC media player 1.0.3
"WinAce Archiver" = WinAce Archiver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3552078225-3004815482-650139639-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2009 7:56:12 PM | Computer Name = Alexander-PC | Source = Application Hang | ID = 1002
Description = The program CorePlayer.exe version 4.1.1.452 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 10e8 Start
Time: 01ca841b3af8ede7 Termination Time: 20 Application Path: C:\Program Files (x86)\CoreCodec\The
Core Media Player\CorePlayer.exe Report Id:

Error - 12/27/2009 3:43:20 AM | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 12/27/2009 3:43:32 AM | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 12/28/2009 4:45:44 PM | Computer Name = Alexander-PC | Source = RasClient | ID = 20227
Description =

Error - 12/28/2009 4:46:01 PM | Computer Name = Alexander-PC | Source = RasClient | ID = 20227
Description =

Error - 12/29/2009 4:01:52 AM | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SchoolMate.exe, version: 0.0.0.0, time
stamp: 0x466f7784 Faulting module name: SchoolMate.exe, version: 0.0.0.0, time stamp:
0x466f7784 Exception code: 0xc0000005 Fault offset: 0x000bacac Faulting process id:
0x1384 Faulting application start time: 0x01ca8855f8e7a95a Faulting application path:
C:\ILLUSION\SchoolMate\SchoolMate.exe Faulting module path: C:\ILLUSION\SchoolMate\SchoolMate.exe
Report
Id: 6bddc515-f450-11de-bbe7-00256482cdde

Error - 12/29/2009 5:30:08 PM | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Faulting application name: STService.exe, version: 1.0.0.64, time
stamp: 0x4ae02c43 Faulting module name: STString.dll, version: 1.1.0.5, time stamp:
0x47e11d41 Exception code: 0xc0000005 Fault offset: 0x0000abcc Faulting process id:
0xb14 Faulting application start time: 0x01ca88cceaf9dab3 Faulting application path:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
Faulting
module path: C:\Program Files (x86)\Dell DataSafe Local Backup\STString.dll Report
Id: 55aeae73-f4c1-11de-a9ef-00256482cdde

Error - 12/29/2009 5:30:45 PM | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Faulting application name: STService.exe, version: 1.0.0.64, time
stamp: 0x4ae02c43 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdb3b Exception code: 0xc0150010 Fault offset: 0x000845bb Faulting process
id: 0xb14 Faulting application start time: 0x01ca88cceaf9dab3 Faulting application
path: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 6c423b8c-f4c1-11de-a9ef-00256482cdde

Error - 12/30/2009 9:46:41 AM | Computer Name = Alexander-PC | Source = Application Hang | ID = 1002
Description = The program sm_cha_eng.exe version 3.2.10.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f58 Start
Time: 01ca89561f032772 Termination Time: 18 Application Path: C:\ILLUSION\SchoolMate\sm_cha_eng.exe

Report
Id:

Error - 12/30/2009 10:40:23 AM | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Faulting application name: schoolmate.exe, version: 0.0.0.0, time
stamp: 0x466f7784 Faulting module name: schoolmate.exe, version: 0.0.0.0, time stamp:
0x466f7784 Exception code: 0xc0000005 Fault offset: 0x000bacac Faulting process id:
0xf18 Faulting application start time: 0x01ca895deebdfc33 Faulting application path:
C:\ILLUSION\SchoolMate\schoolmate.exe Faulting module path: C:\ILLUSION\SchoolMate\schoolmate.exe
Report
Id: 426f33e4-f551-11de-a9ef-00256482cdde

[ Media Center Events ]
Error - 1/6/2010 3:12:09 AM | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 2:12:02 AM - Error connecting to the internet. 2:12:02 AM - Unable
to contact server..

[ System Events ]
Error - 1/6/2010 6:47:11 AM | Computer Name = Alexander-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 1/6/2010 6:47:11 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%1275

Error - 1/6/2010 6:47:23 AM | Computer Name = Alexander-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 1/6/2010 6:47:23 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = The SASENUM service failed to start due to the following error: %%1275

Error - 1/6/2010 6:52:04 AM | Computer Name = Alexander-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 1/6/2010 6:52:04 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = The SASKUTIL service failed to start due to the following error: %%1275

Error - 1/6/2010 6:52:04 AM | Computer Name = Alexander-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 1/6/2010 6:52:04 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%1275

Error - 1/6/2010 7:39:28 AM | Computer Name = Alexander-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 1/6/2010 7:39:28 AM | Computer Name = Alexander-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.


< End of report >

LockSearch by jpshortstuff (05.11.09.1)
Log created at 07:38 on 07/01/2010 (Alexander)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------

-=E.O.F=-

#4 thcbytes

thcbytes

  • Members
  • 12,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 07 January 2010 - 08:15 AM

Hello,

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

===========

1. Download the file TDSSKiller.zip and extract it to your desktop.
2. Click start->run->copy-paste "%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v into the textbox and press enter.
3. report.txt should be generated into same location with TDSSKiller.exe. Post contents of that report, please.

==========

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

===========

Download Sophos Anti-rootkit & save it to your desktop.
Be sure to read the Sophos Anti-Rootkit User Manual. A copy of this manual sarman.pdf can also be found inside the program folder after installation.
  • Double-click sarsfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click "Start scan".
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will be done when you restart your computer. Click "Restart Now".
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Note: If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted, including temporary files being deleted automatically.

==========

With your next post please provide:

* TDSSKiller log
* DrWeb log
* Sarscan log
* Has any of your scanner detected anything prior to posting here? MBAM for example
* Still getting redirected?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html

#5 coremediawiz

coremediawiz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 07 January 2010 - 09:00 AM

I am unable to run TDSSKiller because it does not support 64bit OS's, should I just skip and follow the rest of your instructions or is there an alternative?

#6 thcbytes

thcbytes

  • Members
  • 12,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 07 January 2010 - 10:59 AM

Sorry about that. Just proceed with the other steps. Darn 64bit systems. Fast and efficient but they sure are hard to clean due to incompatibility issues.

#7 coremediawiz

coremediawiz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 07 January 2010 - 07:19 PM

It's no problem, I'm getting used to programs not being able to run because I'm using a 64bit OS.


drwebcureit log:

Updater.exe;C:\Windows\system32;BackDoor.Siggen.815;Deleted.;
update.exe;C:\Users\ALEXAN~1\AppData\Local\Temp;BackDoor.Siggen.815;Deleted.;
Fixwareout.exe/data002\{app}\FindT\nircmd.exe;C:\Documents and Settings\Alexander\Desktop\install\Fixwareout.exe/data002;Tool.NirCmd.1;;
data002;C:\Documents and Settings\Alexander\Desktop\install;Archive contains infected objects;;
Fixwareout.exe;C:\Documents and Settings\Alexander\Desktop\install;Container contains infected objects;Moved.;
Fixwareout.exe/data002\{app}\FindT\nircmd.exe;C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\Fixwareout.exe/data002;Tool.NirCmd.1;;
data002;C:\Documents and Settings\Alexander\DoctorWeb\Quarantine;Archive contains infected objects;;
Fixwareout.exe;C:\Documents and Settings\Alexander\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
PCTResetSD.exe\___\update.exe;C:\Documents and Settings\Alexander\Documents\My Music\Music\Spyware.Doctor.with.Antivirus.7.0.0.513_by..tano1221\Spyware Docto;BackDoor.Siggen.815;;
PCTResetSD.exe;C:\Documents and Settings\Alexander\Documents\My Music\Music\Spyware.Doctor.with.Antivirus.7.0.0.513_by..tano1221\Spyware Docto;Archive contains infected objects;Moved.;
sdsetup.exe\___\update.exe;C:\Documents and Settings\Alexander\Documents\My Music\Music\Spyware.Doctor.with.Antivirus.7.0.0.513_by..tano1221\Spyware Docto;BackDoor.Siggen.815;;
sdsetup.exe;C:\Documents and Settings\Alexander\Documents\My Music\Music\Spyware.Doctor.with.Antivirus.7.0.0.513_by..tano1221\Spyware Docto;Archive contains infected objects;Moved.;
nircmd.exe;C:\fixwareout\FindT;Tool.NirCmd.1;Incurable.Moved.;


Sophos Anti Rootkit did not detect anything during the scan. Here is the log:


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 1/7/2010 at 18:51:29 PM
User "Alexander" on computer "ALEXANDER-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Info: Starting disk scan of E: (NTFS).
Stopped logging on 1/7/2010 at 19:04:43 PM


MBAM did detect something prior to me posting here. It was quarantined and deleted, here is the log for it:

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/6/2010 5:00:18 AM
mbam-log-2010-01-06 (05-00-18).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 233112
Time elapsed: 19 minute(s), 10 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Users\Alexander\AppData\Roaming\SystemProc\lsass.exe (Trojan.Inject) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Inject) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Alexander\AppData\Roaming\SystemProc\lsass.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Install.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\Alexander\Videos\Nero 9 Reloaded [9.4.26.0] Full [Win 7 Compatible] + Crack\Nero 9 Reloaded (9.4.26.0) Full - Win 7 Compatible + Crack\Activation and Cleaning Tool\Keymaker.exe (Trojan.Agent) -> Quarantined and deleted successfully.

I am still getting redirected.


#8 thcbytes

thcbytes

  • Members
  • 12,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 07 January 2010 - 09:20 PM

Hello,

Please click here to download AVP Tool by Kaspersky.

* Save it to your desktop.
* Reboot your computer into SafeMode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.

* Double click the setup file to run it.
* Click Next to continue.
* It will by default install it to your desktop folder. Click Next.
* Hit ok at the prompt for scanning in Safe Mode.
* It will then open a box. There will be a tab that says Automatic scan.
* Under Automatic scan make sure these are checked.

* System Memory
* Startup Objects
* Disk Boot Sectors.
* My Computer.
* Also any other drives (removable drives that you may have)

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again then you are back to the main screen.

* Then click on Scan at the top right-hand corner.
* It will automatically Neutralize any objects found.
* If some objects are left un-neutralized then click the button that says Neutralize all
* If it says it cannot be Neutralized then choose the delete option when prompted.
* After that is done click on the reports button at the bottom and save it to file, name it Kascan.
* Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Thanks,
~ t



#9 coremediawiz

coremediawiz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 08 January 2010 - 09:08 AM

I ran into several snags running this scan. The first being I could not find System Memory as an option to scan. It did not appear on the list. The second is that there are many items that were detected during the scan that had no action taken against them, and I wasn't prompted to delete them either.


The Log:


Autoscan:Autoscan: completed 9 minutes ago (events: 28, objects: 693559, time: 09:48:18)
1/7/2010 10:47:39 PM Task started
1/7/2010 10:53:54 PM Detected: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ PCTResetSD.exe/data0003
1/7/2010 10:53:54 PM Untreated: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ PCTResetSD.exe/data0003 Postponed
1/7/2010 10:55:14 PM Detected: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ sdsetup.exe/data0003
1/7/2010 10:55:14 PM Untreated: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ sdsetup.exe/data0003 Postponed
1/7/2010 11:40:46 PM Detected: Backdoor.Win32.MoSucker.30.az C:\Users\Alexander\DoctorWeb\Quarantine\ PCTResetSD.exe/data0003
1/7/2010 11:40:46 PM Untreated: Backdoor.Win32.MoSucker.30.az C:\Users\Alexander\DoctorWeb\Quarantine\ PCTResetSD.exe/data0003 Postponed
1/7/2010 11:41:49 PM Detected: Backdoor.Win32.MoSucker.30.az C:\Users\Alexander\DoctorWeb\Quarantine\ sdsetup.exe/data0003
1/7/2010 11:41:49 PM Untreated: Backdoor.Win32.MoSucker.30.az C:\Users\Alexander\DoctorWeb\Quarantine\ sdsetup.exe/data0003 Postponed
1/8/2010 12:48:31 AM Detected: Trojan-Dropper.Win32.VB.bix E:\Symantec Norton Anti-Virus 2007\AV-2007.exe/data0000.cab/WEB1DO~1.EXE
1/8/2010 12:48:31 AM Untreated: Trojan-Dropper.Win32.VB.bix E:\Symantec Norton Anti-Virus 2007\AV-2007.exe/data0000.cab/WEB1DO~1.EXE Postponed
1/8/2010 12:52:42 AM Detected: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ PCTResetSD.exe/data0003
1/8/2010 12:52:42 AM Untreated: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ PCTResetSD.exe/data0003 Postponed
1/8/2010 12:54:21 AM Detected: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ sdsetup.exe/data0003
1/8/2010 12:54:21 AM Untreated: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ sdsetup.exe/data0003 Postponed
1/8/2010 1:32:31 AM Detected: Backdoor.Win32.MoSucker.30.az C:\Users\Alexander\DoctorWeb\Quarantine\ PCTResetSD.exe/data0003
1/8/2010 1:32:31 AM Untreated: Backdoor.Win32.MoSucker.30.az C:\Users\Alexander\DoctorWeb\Quarantine\ PCTResetSD.exe/data0003 Postponed
1/8/2010 1:33:36 AM Detected: Backdoor.Win32.MoSucker.30.az C:\Users\Alexander\DoctorWeb\Quarantine\ sdsetup.exe/data0003
1/8/2010 1:33:36 AM Untreated: Backdoor.Win32.MoSucker.30.az C:\Users\Alexander\DoctorWeb\Quarantine\ sdsetup.exe/data0003 Postponed
1/8/2010 2:39:20 AM Detected: Trojan-Dropper.Win32.VB.bix E:\Symantec Norton Anti-Virus 2007\AV-2007.exe/data0000.cab/WEB1DO~1.EXE
1/8/2010 2:39:20 AM Untreated: Trojan-Dropper.Win32.VB.bix E:\Symantec Norton Anti-Virus 2007\AV-2007.exe/data0000.cab/WEB1DO~1.EXE Postponed
1/8/2010 2:39:21 AM Detected: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ PCTResetSD.exe/data0003
1/8/2010 8:35:11 AM Deleted: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ PCTResetSD.exe
1/8/2010 8:35:35 AM Detected: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ sdsetup.exe/data0003
1/8/2010 8:35:42 AM Deleted: Backdoor.Win32.MoSucker.30.az C:\Documents and Settings\Alexander\DoctorWeb\Quarantine\ sdsetup.exe
1/8/2010 8:35:44 AM Detected: Trojan-Dropper.Win32.VB.bix E:\Symantec Norton Anti-Virus 2007\AV-2007.exe/data0000.cab/WEB1DO~1.EXE
1/8/2010 8:35:57 AM Deleted: Trojan-Dropper.Win32.VB.bix E:\Symantec Norton Anti-Virus 2007\AV-2007.exe
1/8/2010 8:35:57 AM Task completed


#10 thcbytes

thcbytes

  • Members
  • 12,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 08 January 2010 - 11:33 AM

You did well.

Most of the detections were already in quarantine.

Do you have your Windows 7 Install DVD?
Are you still getting redirected?

Please download by OldTimer to your desktop from here.
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • After it is finished, it should reboot your machine, if not, do this yourself to ensure a complete clean.
Please do this...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :filefind
    *atapi.sy*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==========

A new version of MBAM was just released. Please open MBAM, press the Update tab then run a new scan. Post a log please.

==========

With your next post please provide:

* Answer to questions
* SystemLook.txt
* MBAM log

Kind regards,
~t

Edited by thcbytes, 08 January 2010 - 11:37 AM.


#11 coremediawiz

coremediawiz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 08 January 2010 - 12:50 PM

I still have my Windows 7 install DVD. After completing this set of scans I am still being redirected.

System Look:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 12:46 on 08/01/2010 by Alexander (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi.sy*"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys --a--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys --a--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C

-=End Of File=-


MBAM:

Malwarebytes' Anti-Malware 1.44
Database version: 3519
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/8/2010 12:39:38 PM
mbam-log-2010-01-08 (12-39-38).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 232634
Time elapsed: 20 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#12 thcbytes

thcbytes

  • Members
  • 12,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 08 January 2010 - 04:25 PM

Hello,

I suspect that you have a patched (infected) System File - atapi.sys. This is a very common cause of infection and redirection.

What is particularly peculiar in relation to your log is that it appears you are missing this critical system file in its normal location......

CODE
C:\WINDOWS\system32\drivers\atapi.sys


But that is not possible....

If you were to remove it from that location your computer would not boot. Unless the file has been altered or renamed.

I will replace it but 1st I want you to do this search....
  • Double-click SystemLook.exe
  • Copy the content of the following codebox into the main textfield:
    CODE
    :filefind
    *atapi*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Prior to posting here do you remember running any tools that gave you some indication of an infection related to this System File?

Thanks,
~ t

#13 coremediawiz

coremediawiz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 08 January 2010 - 04:51 PM

Nope, I have no recollection of this file ever coming up during a scan.


System Look:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:48 on 08/01/2010 by Alexander (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi*"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys --a--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\en-US\WinSATAPI.dll.mui --a--- 6656 bytes [05:35 14/07/2009] [02:07 14/07/2009] 330A6E9A4A6FA657EBB094FCD82EFA9D
C:\Windows\System32\WinSATAPI.dll --a--- 335872 bytes [23:22 13/07/2009] [01:16 14/07/2009] 62D6C0C69ADFB00C3EB9A0CC81F39EE6
C:\Windows\SysWOW64\en-US\WinSATAPI.dll.mui --a--- 6656 bytes [05:35 14/07/2009] [02:07 14/07/2009] 330A6E9A4A6FA657EBB094FCD82EFA9D
C:\Windows\SysWOW64\WinSATAPI.dll --a--- 335872 bytes [23:22 13/07/2009] [01:16 14/07/2009] 62D6C0C69ADFB00C3EB9A0CC81F39EE6
C:\Windows\winsxs\amd64_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.1.7600.16385_none_3f9353c1114b6a6d\WinSATAPI.dll --a--- 500224 bytes [23:35 13/07/2009] [01:41 14/07/2009] EC7EB038EA11E0D04214D143E0CB6002
C:\Windows\winsxs\amd64_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e51f384e54ef7022\WinSATAPI.dll.mui --a--- 6656 bytes [05:35 14/07/2009] [02:29 14/07/2009] 0411EF9378D515A2668A693CED3E943E
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys --a--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\x86_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.1.7600.16385_none_e374b83d58edf937\WinSATAPI.dll --a--- 335872 bytes [23:22 13/07/2009] [01:16 14/07/2009] 62D6C0C69ADFB00C3EB9A0CC81F39EE6
C:\Windows\winsxs\x86_microsoft-windows-w..nttoolapi.resources_31bf3856ad364e35_6.1.7600.16385_en-us_89009cca9c91feec\WinSATAPI.dll.mui --a--- 6656 bytes [05:35 14/07/2009] [02:07 14/07/2009] 330A6E9A4A6FA657EBB094FCD82EFA9D

-=End Of File=-

#14 thcbytes

thcbytes

  • Members
  • 12,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 08 January 2010 - 05:06 PM

This is very unusual. I am going to have my colleagues look at this before I replace that file. Stay tuned please.

#15 thcbytes

thcbytes

  • Members
  • 12,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 08 January 2010 - 05:54 PM

Back sooner than planned.

Darn 64 bit OS..

Many thanks to tetonbob and jpshortstuff for cracking the case. I was way off. The application SystemLook is a 32bit app and can't see your 64bit System Files.

And it appears that this is the culprit.....
QUOTE
FF - HiddenExtension: Internal security: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}


So please do this....

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Any more redirects?

Thanks,
~ t
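Added example, not from this thread and not SystemLook's, GooredFix's or any other tool's code: a PowerShell script illustrating the two points the thread ends on. First, under WOW64 a 32-bit process that opens C:\Windows\System32 is silently redirected to C:\Windows\SysWOW64, which is why a 32-bit tool reports the 64-bit drivers folder as empty; the Sysnative alias bypasses that redirection. Second, a patched system driver such as atapi.sys can be checked by hashing the live file and comparing it with the OS-shipped copies in DriverStore and winsxs (the thread's SystemLook output lists exactly those two reference copies). The default driver name, the reference-folder list and the verdict labels are assumptions made for this example; it assumes PowerShell 4 or newer for Get-FileHash.

```powershell
# Added example (not from the thread). Assumptions: PowerShell 4+ (Get-FileHash),
# reference copies live under DriverStore\FileRepository and winsxs, and the
# driver to check defaults to atapi.sys as discussed in the thread.

function Get-NativeSystem32Path {
    # The Sysnative alias exists only inside a 32-bit process on 64-bit Windows and
    # bypasses WOW64 file-system redirection. A 64-bit process reads System32 directly.
    if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
        return (Join-Path $env:windir 'Sysnative')
    }
    return (Join-Path $env:windir 'System32')
}

function Test-DriverIntegrity {
    param([string]$DriverName = 'atapi.sys')   # assumed default for illustration

    $native   = Get-NativeSystem32Path
    $livePath = Join-Path $native "drivers\$DriverName"

    if (-not (Test-Path -LiteralPath $livePath)) {
        # A 64-bit host that truly lacked this driver would not boot. Seen from a
        # 32-bit host that does not use Sysnative, this is the false "missing"
        # result the thread ran into with SystemLook.
        return [pscustomobject]@{
            Driver = $DriverName; Path = $livePath
            Verdict = 'NOT-VISIBLE-OR-MISSING'; LiveHash = $null; ReferenceHashes = @()
        }
    }

    $liveHash = (Get-FileHash -LiteralPath $livePath -Algorithm SHA256).Hash

    # OS-shipped reference copies. DriverStore sits under the native System32;
    # winsxs is not subject to WOW64 redirection at all.
    $refRoots = @(
        (Join-Path $native 'DriverStore\FileRepository'),
        (Join-Path $env:windir 'winsxs')
    )
    $refHashes = foreach ($root in $refRoots) {
        Get-ChildItem -LiteralPath $root -Recurse -File -Filter $DriverName -ErrorAction SilentlyContinue |
            ForEach-Object { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash }
    }
    $refHashes = @($refHashes | Sort-Object -Unique)

    # Verdict labels are this example's own naming.
    $verdict = if ($refHashes.Count -eq 0)            { 'NO-REFERENCE-COPY' }
               elseif ($refHashes -contains $liveHash) { 'MATCHES-SHIPPED-COPY' }
               else                                    { 'MISMATCH-INVESTIGATE' }

    [pscustomobject]@{
        Driver          = $DriverName
        Path            = $livePath
        Verdict         = $verdict
        LiveHash        = $liveHash
        ReferenceHashes = $refHashes
    }
}

# Example run: report how this host resolves System32, then check atapi.sys.
"Process is 64-bit: $([Environment]::Is64BitProcess); native System32 resolved to $(Get-NativeSystem32Path)"
Test-DriverIntegrity -DriverName 'atapi.sys' | Format-List
```

Run it from an elevated PowerShell prompt. A MISMATCH-INVESTIGATE verdict does not by itself prove a patched driver, since a serviced driver will carry a newer winsxs copy, but a live driver whose hash matches none of the shipped copies is the condition worth escalating; the thread's SystemLook lines show what a healthy result looks like, with the DriverStore and winsxs copies of atapi.sys carrying identical hashes.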



