Vista x64 Windows Explorer freezes on first use, Help required - HJT log


  • This topic is locked
19 replies to this topic

#1 Marti-S

Marti-S

  • Members
  • 17 posts
  • Location:North East (rural) England

Posted 11 September 2009 - 04:49 AM

Hi Guys

I was hoping someone could help me out here. I'm running Vista x64 and whenever I load up, Windows Explorer freezes on first use of the Right-Click and I need to do a 3-finger shuffle to terminate and restart Explorer. After this it seems to run just fine.

I thought I'd try Hijackthis as it's helped me out in the past, but this log, when analysed online, is showing (potential) errors, and I'm not sure whether I should terminate the processes in question.

HJT Log....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:29, on 09/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe
C:\Program Files (x86)\EPSON\ISTM3\PG\E_L20IC3.EXE
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~2\E-BOOK~1\FLIPVI~1\fvbho140.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [EPSON PageSTM InboxIcon01] "C:\Program Files (x86)\EPSON\ISTM3\PG\E_L20IC3.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\A User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://ukaccess.amec.com/dana-cached/sc/Ju...SetupClient.cab
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10498 bytes


Analysis results....

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
Kind: Very safe
Visitor's assessment: Very safe
Analyzer details: This entry is not running from the System32 folder, so it is probably nasty. This service (alg.exe) seems to be nasty. This process is not running from the System32 folder as it is supposed to be.

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
Kind: Very safe
Visitor's assessment: Very safe
Analyzer details: This entry is not running from the System32 folder, so it is probably nasty. This service (lsass.exe) seems to be nasty. This process is not running from the System32 folder as it is supposed to be.

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
Kind: Very safe
Visitor's assessment: Very safe
Analyzer details: This entry is not running from the System32 folder, so it is probably nasty. This service (lsass.exe) seems to be nasty. This process is not running from the System32 folder as it is supposed to be.

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
Kind: Very safe
Visitor's assessment: Very safe
Analyzer details: This entry is not running from the System32 folder, so it is probably nasty. This service (locator.exe) seems to be nasty. This process is not running from the System32 folder as it is supposed to be.

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
Kind: Very safe
Visitor's assessment: Very safe
Analyzer details: This entry is not running from the System32 folder, so it is probably nasty. This service (lsass.exe) seems to be nasty. This process is not running from the System32 folder as it is supposed to be.

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
Kind: Very safe
Visitor's assessment: Very safe
Analyzer details: This entry is not running from the System32 folder, so it is probably nasty. This service (SLsvc.exe) seems to be nasty. This process is not running from the System32 folder as it is supposed to be.

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
Kind: Very safe
Visitor's assessment: Very safe
Analyzer details: This entry is not running from the System32 folder, so it is probably nasty. This service (spoolsv.exe) seems to be nasty. This process is not running from the System32 folder as it is supposed to be.

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
Kind: Very safe
Visitor's assessment: Very safe
Analyzer details: This entry is not running from the System32 folder, so it is probably nasty. This service (vds.exe) seems to be nasty. This process is not running from the System32 folder as it is supposed to be.

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
Kind: Very safe
Visitor's assessment: Very safe
Analyzer details: This entry is not running from the System32 folder, so it is probably nasty. This service (vssvc.exe) seems to be nasty. This process is not running from the System32 folder as it is supposed to be.



Any help/advice would be greatly appreciated

M


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 27 September 2009 - 08:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Marti-S

Marti-S
  • Topic Starter

  • Members
  • 17 posts
  • Location:North East (rural) England

Posted 28 September 2009 - 05:16 AM

DDS (Ver_09-09-24.01) - NTFSx86
Run by A User at 11:13:38.43 on 28/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.8190.6002 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090213-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1335 [VPS 090213-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\EPSON\ISTM3\PG\E_L20IC3.EXE
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\explorer.exe
C:\Windows\splwow64.exe
C:\Users\A User\AppData\Local\Apps\2.0\MGXRCMAT.GBT\Z0C2AJTD.TPL\rapi..tion_beb8bcbf36015e49_0000.0001_73ca99bd24db9b2a\RapidShareManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\A User\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\progra~2\e-book~1\flipvi~1\fvbho140.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [NVIDIA nTune] "c:\program files (x86)\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\daemon.exe" -autorun
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [PWRISOVM.EXE] "c:\program files (x86)\poweriso\PWRISOVM.EXE"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LogitechCommunicationsManager] "c:\program files (x86)\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files (x86)\logitech\quickcam\Quickcam.exe" /hide
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "c:\program files (x86)\google\gmail notifier\gnotify.exe"
mRun: [amd_dc_opt] c:\program files (x86)\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [EPSON PageSTM InboxIcon01] "c:\program files (x86)\epson\istm3\pg\E_L20IC3.EXE"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\setpoi~1.lnk - c:\program files (x86)\logitech\setpoint ii\SetPointII.exe
uPolicies-explorer: TaskbarNoNotification = 1 (0x1)
uPolicies-explorer: StartMenuLogOff = 1 (0x1)
uPolicies-explorer: HideSCABattery = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ukaccess.amec.com/dana-cached/sc/JuniperSetupClient.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\auser~1\appdata\roaming\mozilla\firefox\profiles\w8lf8cup.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\users\a user\appdata\roaming\mozilla\firefox\profiles\w8lf8cup.default\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPOpf.dll
FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswsp.sys --> c:\windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswfsblk.sys --> c:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys --> c:\windows\system32\drivers\aswMonFlt.sys [?]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-9-9 4658744]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-10-19 182296]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files (x86)\common files\nero\nero backitup 4\NBService.exe [2008-9-24 935208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\tomtom home 2\TomTomHOMEService.exe [2009-8-7 92008]
R3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\drivers\amdlld64.sys --> c:\windows\system32\drivers\AmdLLD64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\lvpr2m64.sys --> c:\windows\system32\drivers\LVPr2M64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys --> c:\windows\system32\drivers\nvhda64v.sys [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys --> c:\windows\system32\drivers\psi_mf.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-3-6 93184]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-2-14 1038088]
S3 LVcKap64;Logitech AEC Driver;c:\windows\system32\drivers\lvckap64.sys --> c:\windows\system32\drivers\LVcKap64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\lvusbs64.sys --> c:\windows\system32\drivers\LVUSBS64.sys [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspsanity64.sys --> c:\windows\system32\drivers\rspSanity64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys --> c:\windows\system32\drivers\wacmoumonitor.sys [?]
S4 TabletServicePen;TabletServicePen;c:\windows\system32\pen_tablet.exe --> c:\windows\system32\Pen_Tablet.exe [?]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-09-26 18:05 <DIR> --d----- c:\program files (x86)\Headup Games
2009-09-23 18:38 <DIR> --dsh--- c:\windows\ftpcache
2009-09-23 16:21 <DIR> --d----- c:\users\auser~1\appdata\roaming\Tropico 3
2009-09-23 16:18 <DIR> --d----- c:\program files (x86)\Kalypso
2009-09-23 15:44 <DIR> --d----- c:\users\auser~1\appdata\roaming\Big Fish Games
2009-09-23 15:43 <DIR> --d----- c:\program files (x86)\Drawn - The Painted Tower
2009-09-23 11:18 <DIR> --d----- c:\programdata\NOS
2009-09-22 21:57 <DIR> --d----- c:\program files (x86)\GiPo@Utilities
2009-09-22 21:57 <DIR> --d----- c:\program files (x86)\common files\Gibinsoft Shared
2009-09-22 21:33 <DIR> --d----- c:\program files (x86)\Windows Installer Clean Up
2009-09-22 21:33 <DIR> --d----- c:\program files (x86)\MSECACHE
2009-09-22 21:14 <DIR> --d----- c:\program files (x86)\Secunia
2009-09-22 10:22 2,048 a------- c:\windows\system32\tzres.dll
2009-09-22 10:18 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-22 10:18 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-09-22 10:18 71,680 a------- c:\windows\system32\atl.dll
2009-09-22 10:18 91,136 a------- c:\windows\system32\avifil32.dll
2009-09-22 10:17 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-09-22 10:17 7,680 a------- c:\windows\system32\spwmp.dll
2009-09-22 10:17 4,096 a------- c:\windows\system32\msdxm.ocx
2009-09-22 10:17 4,096 a------- c:\windows\system32\dxmasf.dll
2009-09-22 10:17 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-09-22 10:17 43,520 a------- c:\windows\system32\msdxm.tlb
2009-09-22 10:17 18,432 a------- c:\windows\system32\amcompat.tlb
2009-09-22 10:16 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-22 10:16 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-22 10:16 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-21 14:22 <DIR> --d----- c:\users\auser~1\appdata\roaming\Dream Aquarium
2009-09-16 14:07 <DIR> --d----- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-16 11:10 <DIR> --d----- C:\Trend
2009-09-15 18:44 <DIR> --d----- C:\187712bbd102d87b8b
2009-09-15 11:48 <DIR> --d----- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2009-09-12 13:08 <DIR> --d----- c:\programdata\THQ
2009-09-12 13:08 <DIR> --d----- c:\progra~3\THQ
2009-09-12 12:26 <DIR> --d----- c:\program files (x86)\Volition Inc
2009-09-11 10:57 69 a------- c:\windows\NeroDigital.ini
2009-09-10 23:35 <DIR> --d----- c:\users\auser~1\appdata\roaming\Lost in the City - Post scriptum
2009-09-10 14:52 <DIR> --d----- c:\program files (x86)\Medieval Software
2009-09-09 19:59 68 a------- c:\windows\wininit.ini
2009-09-09 19:59 <DIR> --d----- c:\programdata\PrevxCSI
2009-09-09 19:59 <DIR> --d----- c:\progra~3\PrevxCSI
2009-09-09 19:32 <DIR> --d----- c:\program files (x86)\Wise Registry Cleaner
2009-09-09 19:26 <DIR> a-d----- c:\programdata\TEMP
2009-09-09 19:26 <DIR> --d----- c:\users\auser~1\appdata\roaming\SmartPCTools
2009-09-09 17:51 <DIR> --d----- c:\program files (x86)\Trend Micro
2009-09-09 16:32 <DIR> --d----- c:\program files (x86)\8monkey Labs
2009-09-08 22:29 38 a------- c:\windows\avisplitter.ini
2009-09-08 22:29 839,680 a------- c:\windows\system32\lameACM.acm
2009-09-08 22:29 118,784 a------- c:\windows\system32\ac3acm.acm
2009-09-08 22:29 414 a------- c:\windows\system32\lame_acm.xml
2009-09-08 22:28 <DIR> --d----- c:\program files (x86)\K-Lite Codec Pack
2009-09-07 10:07 <DIR> --d-h--- c:\programdata\CanonBJ
2009-09-07 09:37 <DIR> --d----- c:\programdata\Azureus
2009-09-07 09:37 <DIR> --d----- c:\progra~3\Azureus
2009-09-07 09:37 <DIR> --d----- c:\users\auser~1\appdata\roaming\Azureus
2009-09-06 19:14 0 a------- c:\windows\DMM.INI
2009-09-06 18:58 <DIR> --d----- c:\program files (x86)\Sienzo
2009-09-06 13:28 <DIR> --d----- c:\program files (x86)\SouthPeak Games
2009-09-05 10:58 130 a------- c:\windows\system32\rpicfica.bin
2009-09-05 10:55 376,832 a------- c:\windows\system32\cmd22.dll
2009-09-05 10:47 <DIR> --d----- c:\users\auser~1\appdata\roaming\CUE Tools
2009-09-02 12:01 8,192 a------- C:\bootsect.lxe.bak
2009-09-02 12:01 383,592 ---shr-- C:\gdrop
2009-09-02 12:01 171,136 ---shr-- C:\xeldr
2009-09-01 18:45 <DIR> --dsh--- c:\users\a user\My Docs
2009-09-01 12:18 <DIR> --d----- c:\program files (x86)\TweakVI
2009-09-01 12:15 <DIR> --d----- c:\program files (x86)\NeoSmart Technologies
2009-08-31 11:53 <DIR> --d----- c:\programdata\Spreng- und Abriss-Simulator
2009-08-31 11:53 <DIR> --d----- c:\progra~3\Spreng- und Abriss-Simulator
2009-08-31 11:52 <DIR> --d----- c:\program files (x86)\Spreng- und Abriss-Simulator
2009-08-29 11:49 <DIR> --d----- c:\program files (x86)\Free M4a to MP3 Converter

==================== Find3M ====================

2009-09-28 10:43 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-28 10:43 51,200 a------- c:\windows\inf\infpub.dat
2009-09-17 10:22 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 13:50 331,776 a------- c:\windows\apppatch\apppatch64\AcLayers.dll
2009-08-28 13:50 281,600 a------- c:\windows\apppatch\apppatch64\AcGenral.dll
2009-08-28 13:50 100,352 a------- c:\windows\apppatch\apppatch64\acspecfc.dll
2009-08-28 13:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 11:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-17 00:57 10,858,496 a------- c:\windows\system32\nvoglv32.dll
2009-08-17 00:57 7,569,920 a------- c:\windows\system32\nvd3dum.dll
2009-08-17 00:57 3,298,304 a------- c:\windows\system32\nvwgf2um.dll
2009-08-17 00:57 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,985,536 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-08-16 16:08 178,176 a------- c:\windows\system32\unrar.dll
2009-08-16 11:05 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-08-16 11:05 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-08-14 17:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 17:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 15:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 15:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 15:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 15:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 15:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:36 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-08-08 13:48 31,966 a------- c:\programdata\nvModes.dat
2009-08-08 13:48 31,966 a------- c:\progra~3\nvModes.dat
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-03 00:21 23,320 a------- c:\windows\system32\PhysXDevice.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-03 19:26 152,904 a------- c:\windows\system32\vghd.scr
2009-06-21 18:06 99,384 a------- c:\users\auser~1\appdata\roaming\inst.exe
2009-06-21 18:06 82,816 a------- c:\users\auser~1\appdata\roaming\pcouffin.sys
2009-02-28 18:49 2,828 a--sh--- c:\programdata\KGyGaAvL.sys
2009-02-28 18:49 2,828 a--sh--- c:\progra~3\KGyGaAvL.sys
2009-02-28 18:49 88 ---shr-- c:\programdata\E26F3213F5.sys
2009-02-28 18:49 88 ---shr-- c:\progra~3\E26F3213F5.sys
2009-02-13 23:18 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 04:21 174 a--sh--- c:\program files (x86)\desktop.ini
2006-11-02 16:14 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 16:14 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 16:14 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 16:14 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 11:52 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:52 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:52 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:52 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-04-11 13:36 88 ---shr-- c:\windows\system32\51DB61B364.sys
2009-04-11 13:36 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 11:14:04.09 ===============




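The DDS log above is the artifact the rest of this thread turns on. The Python script below is an added example, not part of DDS, of this thread or of BleepingComputer's procedure: it parses a constructed subset of lines copied from that log and lists the entries a malware-response analyst would look at first (UAC switched off via EnableLUA=0, the Userinit logon path, system+hidden files and files sitting directly in the drive root, executables or drivers under the user profile or ProgramData, and processes running from those paths). Every flag is a prompt to look, not a verdict: dds.scr gets flagged because it runs from Downloads, and it is the scanner itself. The meaning of the 8-character attribute field (a/d/s/h/r) is an assumption read off the entries, and the section names are those of the log as posted.

```python
"""Review prompts from a DDS log (the format posted in this thread).
Added example, not part of DDS or of this thread: it walks the Running
Processes, Pseudo HJT Report, Created Last 30 and Find3M sections and flags
what an analyst checks first. A flag means "look at this", not "malware"."""
import re
from collections import namedtuple

# Constructed sample: a subset of lines copied from the DDS log above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\A User\Downloads\dds.scr
============== Pseudo HJT Report ===============
mWinlogon: Userinit=userinit.exe
mPolicies-system: EnableLUA = 0 (0x0)
=============== Created Last 30 ================
2009-09-23 18:38 <DIR> --dsh--- c:\windows\ftpcache
2009-09-05 10:55 376,832 a------- c:\windows\system32\cmd22.dll
2009-09-02 12:01 383,592 ---shr-- C:\gdrop
2009-09-02 12:01 171,136 ---shr-- C:\xeldr
==================== Find3M ====================
2009-06-21 18:06 99,384 a------- c:\users\auser~1\appdata\roaming\inst.exe
2009-06-21 18:06 82,816 a------- c:\users\auser~1\appdata\roaming\pcouffin.sys
2009-02-28 18:49 88 ---shr-- c:\programdata\E26F3213F5.sys
============= FINISH: 11:14:04.09 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Assumption: attribute letters a/d/s/h/r mean archive/dir/system/hidden/read-only.
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?P<size><DIR>|[\d,]+)\s+"
                     r"(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$")
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")   # C:\name with nothing deeper
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".com", ".pif")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\progra~3\\")
STOCK_USERINIT = ("userinit.exe", "c:\\windows\\system32\\userinit.exe")
Finding = namedtuple("Finding", "kind line reason")  # tag, triggering line, what to check

def sections(log_text):
    """Yield (name, [non-blank lines]) for each '=== name ===' block."""
    name, buf = None, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            if name is not None:
                yield name, buf
            name, buf = m.group(1), []
        elif line and name is not None:
            buf.append(line)
    if name is not None:
        yield name, buf

def check_process(line):
    # A process image under a user profile or ProgramData is worth a look.
    if any(seg in line.lower() for seg in USER_WRITABLE):
        return [Finding("process-from-user-writable", line,
                        "runs from a profile/ProgramData path; confirm you launched it")]
    return []

def check_hjt(line):
    out = []
    m = re.match(r"^mPolicies-system:\s*EnableLUA\s*=\s*(\d+)", line)
    if m and m.group(1) == "0":
        out.append(Finding("uac-disabled", line,
                           "UAC is off: an admin account runs everything with its full token"))
    m = re.match(r"^mWinlogon:\s*Userinit=(.+)$", line)
    if m and m.group(1).strip().rstrip(",").lower() not in STOCK_USERINIT:
        out.append(Finding("userinit-hijack", line,
                           "Userinit is not stock; anything appended here runs at every logon"))
    return out

def check_file_entry(line):
    # Created Last 30 / Find3M entries: attributes, location and extension.
    m = FILE_RE.match(line)
    if not m:
        return []
    attrs, path, is_dir = m.group("attrs"), m.group("path"), m.group("size") == "<DIR>"
    lower, out = path.lower(), []
    if not is_dir and "s" in attrs and "h" in attrs:
        out.append(Finding("hidden-system-file", line,
                           "system+hidden file; identify the product that owns it"))
    if not is_dir and ROOT_FILE_RE.match(path):
        out.append(Finding("root-file", line,
                           "file dropped directly in the drive root; installers rarely do this"))
    if lower.endswith(EXEC_EXT) and any(seg in lower for seg in USER_WRITABLE):
        out.append(Finding("exec-in-user-writable", line,
                           "executable/driver in a user-writable path; check publisher and hash"))
    return out

HANDLERS = {"Running Processes": check_process, "Pseudo HJT Report": check_hjt,
            "Created Last 30": check_file_entry, "Find3M": check_file_entry}

def triage(log_text):
    """Every Finding for the log, in log order; an empty list means nothing matched."""
    return [f for name, lines in sections(log_text) if name in HANDLERS
            for ln in lines for f in HANDLERS[name](ln)]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.line}\n    -> {f.reason}")
```

Run it as-is to see the sample findings, or replace SAMPLE_LOG with the text of a full DDS.txt. Anything the script does not recognise is simply not flagged, so an empty result means "nothing matched these heuristics", not "clean".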
#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 03 October 2009 - 04:19 PM

Hi Marti-s,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#5 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 October 2009 - 08:28 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#6 Marti-S

  • Topic Starter
  • Members
  • 17 posts
  • Location:North East (rural) England

Posted 07 October 2009 - 02:48 AM

Hi Mole

Sorry for the delay - have been working away.

Yes, I still need help. Explorer is still freezing on first use, especially with a right-click or if I try to move files.

M

#7 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 October 2009 - 12:55 PM

Hi Marti-S,

The logs look clean so we need to look further.

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open RootRepeal on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Please also run MBAM, which will do a quick scan and remove anything it finds.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :(
m0le is a proud member of UNITE

#8 Marti-S

Marti-S
  • Topic Starter

  • Members
  • 17 posts
  • Location:North East (rural) England
  • Local time:08:13 AM

Posted 08 October 2009 - 04:00 AM

Have followed your instructions, but Root Repeal does not run in a 64bit environment.

I will post the results from the Malwarebytes scan when complete.

M

#9 Marti-S

Marti-S
  • Topic Starter

  • Members
  • 17 posts
  • Location:North East (rural) England
  • Local time:08:13 AM

Posted 08 October 2009 - 05:09 AM

Scan results:

Malwarebytes' Anti-Malware 1.41
Database version: 2922
Windows 6.0.6001 Service Pack 1

08/10/2009 11:09:19
mbam-log-2009-10-08 (11-09-19).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 378969
Time elapsed: 1 hour(s), 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files (x86)\UltraVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\KORG\KORG Legacy DIGITAL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files (x86)\UltraVideo\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:13 AM

Posted 08 October 2009 - 04:01 PM

Aha, there is malware in the MBAM.

Let's see what else we can find

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Then


We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the OTL.exe icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Thanks :(
m0le is a proud member of UNITE

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:13 AM

Posted 11 October 2009 - 04:06 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#12 Marti-S

Marti-S
  • Topic Starter

  • Members
  • 17 posts
  • Location:North East (rural) England
  • Local time:08:13 AM

Posted 13 October 2009 - 11:05 AM

m0le

Sorry for the delay, been working away again.

results from DrWeb

batm-mscott59.exe;C:\Documents and Settings\A User\Downloads\Games;Probably DLOADER.Trojan;;
coj-mscott59.exe;C:\Documents and Settings\A User\Downloads\Games;Probably DLOADER.Trojan;;
dark-mscott59.exe;C:\Documents and Settings\A User\Downloads\Games;Probably DLOADER.Trojan;;
qc.csi;C:\Documents and Settings\All Users\Application Data\PrevxCSI;Win32.HLLW.Shadow.based;Deleted.;
SIGMA Photo Pro.exe;C:\Program Files\SIGMA\Photo Pro;Probably WIN.WORM.Virus;;
batm-mscott59.exe;C:\Users\A User\Downloads\Games;Probably DLOADER.Trojan;;
coj-mscott59.exe;C:\Users\A User\Downloads\Games;Probably DLOADER.Trojan;;
dark-mscott59.exe;C:\Users\A User\Downloads\Games;Probably DLOADER.Trojan;;


Results from OTL.txt

OTL logfile created on: 13/10/2009 17:02:10 - Run 4
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Users\A User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 121.80 Gb Free Space | 26.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 111.81 Gb Total Space | 32.75 Gb Free Space | 29.29% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AUSER-PC
Current User Name: A User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/13 10:40:46 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\A User\Desktop\OTL.exe
PRC - [2009/09/10 13:41:20 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/08/21 09:15:32 | 00,900,816 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi.exe
PRC - [2009/08/17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/07 15:31:40 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/04/23 14:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2009/03/15 11:15:16 | 00,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/03/14 21:55:43 | 00,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009/03/14 21:55:34 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/02/19 05:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008/09/24 15:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007/10/25 16:37:32 | 02,178,832 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 16:33:22 | 00,563,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 16:32:58 | 00,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007/10/19 13:18:48 | 00,113,176 | ---- | M] (Logitech Inc.) -- c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
PRC - [2007/07/24 12:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/05 14:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2006/11/02 16:04:16 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
PRC - [2006/08/31 03:20:00 | 00,126,976 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON\ISTM3\PG\E_L20IC3.EXE
PRC - [2005/07/15 22:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/09 19:59:27 | 04,658,744 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner [Auto | Running])
SRV:64bit: - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV:64bit: - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV:64bit: - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV:64bit: - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV:64bit: - [2009/08/10 16:01:06 | 00,206,880 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV:64bit: - [2009/08/10 16:01:04 | 00,626,208 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
SRV:64bit: - [2009/02/19 01:39:26 | 00,160,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV:64bit: - [2009/02/14 19:14:01 | 01,038,088 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64 [On_Demand | Stopped])
SRV:64bit: - [2008/12/11 11:05:32 | 03,589,416 | ---- | M] () -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen [Disabled | Stopped])
SRV:64bit: - [2008/01/21 03:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
SRV:64bit: - [2008/01/21 03:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2007/10/19 13:20:42 | 00,171,032 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV:64bit: - [2007/10/19 13:18:36 | 00,182,296 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64 [Auto | Running])
SRV:64bit: - [2007/10/19 13:17:04 | 00,255,000 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer [Auto | Running])
SRV:64bit: - [2007/10/19 04:10:30 | 00,089,600 | ---- | M] () -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters [Auto | Running])
SRV:64bit: - [2006/11/02 12:16:35 | 00,051,200 | ---- | M] () -- C:\Windows\SysNative\bthserv.dll -- (BthServ [Auto | Running])
SRV - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service [Auto | Running])
SRV - [2009/08/07 15:31:40 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Auto | Running])
SRV - [2009/03/14 21:55:43 | 00,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2009/03/14 21:55:34 | 00,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/02/14 19:12:51 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/09/24 15:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 19:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/06/20 02:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/20 02:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/01/21 03:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [Disabled | Stopped])
SRV - [2008/01/21 03:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [Disabled | Stopped])
SRV - [2008/01/21 03:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2007/09/04 20:31:22 | 00,180,224 | ---- | M] (NVIDIA) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
SRV - [2007/07/24 12:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
SRV - [2007/06/05 14:20:32 | 00,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2007/05/31 10:11:54 | 00,443,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto | Running])
SRV - [2007/05/31 10:11:46 | 00,225,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto | Running])
SRV - [2006/11/02 16:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Disabled | Stopped])
SRV - [2006/11/02 14:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2006/11/02 10:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Stopped])
SRV - [2006/11/02 07:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 07:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/10/01 15:53:18 | 00,314,016 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV:64bit: - [2009/09/28 12:07:22 | 00,043,680 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV:64bit: - [2009/09/09 19:59:27 | 00,022,024 | ---- | M] () -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan [Boot | Running])
DRV:64bit: - [2009/09/09 19:59:27 | 00,018,440 | ---- | M] () -- C:\Windows\SysNative\drivers\pxsec.sys -- (pxsec [Boot | Running])
DRV:64bit: - [2009/08/17 17:06:05 | 00,089,680 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP [System | Running])
DRV:64bit: - [2009/08/17 17:05:43 | 00,022,096 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV:64bit: - [2009/08/17 17:05:31 | 00,065,616 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV:64bit: - [2009/08/17 17:04:43 | 00,058,448 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV:64bit: - [2009/08/17 17:04:32 | 00,027,216 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV:64bit: - [2009/06/26 22:55:10 | 00,083,488 | ---- | M] () -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA [On_Demand | Running])
DRV:64bit: - [2009/06/20 09:20:58 | 00,082,816 | ---- | M] () -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV:64bit: - [2009/06/17 13:19:14 | 00,015,208 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI [On_Demand | Running])
DRV:64bit: - [2009/05/09 14:32:30 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV:64bit: - [2009/03/15 11:32:56 | 00,085,424 | ---- | M] () -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV:64bit: - [2009/03/02 11:24:26 | 00,035,896 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\rspSanity64.sys -- (rspSanity [On_Demand | Stopped])
DRV:64bit: - [2008/12/19 00:47:18 | 00,057,872 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV:64bit: - [2008/12/19 00:47:10 | 00,055,312 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV:64bit: - [2008/10/06 11:53:26 | 00,018,216 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Stopped])
DRV:64bit: - [2008/08/18 15:45:00 | 00,015,272 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
DRV:64bit: - [2008/06/27 08:51:10 | 00,088,632 | ---- | M] () -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs [Auto | Running])
DRV:64bit: - [2008/01/21 03:47:04 | 00,098,816 | ---- | M] () -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV:64bit: - [2008/01/21 03:46:52 | 00,019,456 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV:64bit: - [2007/10/25 02:06:30 | 00,444,928 | ---- | M] () -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Stopped])
DRV:64bit: - [2007/10/19 13:16:08 | 01,599,896 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys -- (LVcKap64 [On_Demand | Stopped])
DRV:64bit: - [2007/10/11 18:58:28 | 00,030,232 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64 [On_Demand | Running])
DRV:64bit: - [2007/10/11 18:58:16 | 02,055,192 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV:64bit: - [2007/06/29 15:48:06 | 00,039,424 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64 [On_Demand | Running])
DRV:64bit: - [2007/05/09 21:50:48 | 00,050,208 | ---- | M] () -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64 [On_Demand | Stopped])
DRV:64bit: - [2007/05/09 21:46:48 | 01,127,328 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI [On_Demand | Stopped])
DRV:64bit: - [2007/02/16 11:12:36 | 00,012,848 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV:64bit: - [2007/02/15 16:11:26 | 00,012,976 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
DRV:64bit: - [2006/11/02 06:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
DRV:64bit: - [2006/10/31 16:23:42 | 00,015,680 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2007/12/17 18:14:14 | 00,014,392 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2007/09/04 20:26:38 | 00,039,968 | ---- | M] (NVidia Corp.) -- C:\Windows\nvoclk64.sys -- (NVR0Dev [On_Demand | Running])
DRV - [2006/09/18 22:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])
DRV - [2006/09/18 22:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\S-1-5-21-1677974548-3355529863-1534200776-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: firetorrent@radicalsoft.com:1.0.7
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 12:56:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{10289AD8-241D-406C-8168-6508B4D257D6}: C:\DepositFiles\Depositfiles Filemanager\Firefox\ [2009/07/17 21:00:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/28 13:39:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/09/28 13:39:51 | 00,000,000 | ---D | M]

[2009/08/05 16:39:36 | 00,000,000 | ---D | M] -- C:\Users\A User\AppData\Roaming\mozilla\Extensions
[2009/02/13 20:13:14 | 00,000,000 | ---D | M] -- C:\Users\A User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/05 16:39:36 | 00,000,000 | ---D | M] -- C:\Users\A User\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009/10/12 11:56:12 | 00,000,000 | ---D | M] -- C:\Users\A User\AppData\Roaming\mozilla\Firefox\Profiles\w8lf8cup.default\extensions
[2009/10/02 10:21:58 | 00,000,000 | ---D | M] -- C:\Users\A User\AppData\Roaming\mozilla\Firefox\Profiles\w8lf8cup.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/08/08 21:11:09 | 00,000,000 | ---D | M] -- C:\Users\A User\AppData\Roaming\mozilla\Firefox\Profiles\w8lf8cup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/06 12:39:51 | 00,000,000 | ---D | M] -- C:\Users\A User\AppData\Roaming\mozilla\Firefox\Profiles\w8lf8cup.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/08/20 14:41:53 | 00,000,000 | ---D | M] -- C:\Users\A User\AppData\Roaming\mozilla\Firefox\Profiles\w8lf8cup.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/09/18 12:22:34 | 00,000,000 | ---D | M] -- C:\Users\A User\AppData\Roaming\mozilla\Firefox\Profiles\w8lf8cup.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/08/28 17:52:36 | 00,000,000 | ---D | M] -- C:\Users\A User\AppData\Roaming\mozilla\Firefox\Profiles\w8lf8cup.default\extensions\firetorrent@radicalsoft.com
[2009/10/12 11:56:12 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/10 13:41:21 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/28 11:11:00 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/24 20:53:53 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/30 09:23:47 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/10 13:41:20 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 13:41:20 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/01/27 02:34:38 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/01/27 02:34:16 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/02/06 13:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/10 13:41:20 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL
[2007/05/16 19:00:12 | 00,046,856 | ---- | M] (E-Book Systems.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOpf.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/03/25 11:42:28 | 00,114,688 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/01/27 02:34:38 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/08/23 00:01:59 | 00,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/23 00:01:59 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/08/23 00:01:59 | 00,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/23 00:01:59 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/23 00:01:59 | 00,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/23 00:02:00 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/08/23 00:02:00 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/23 00:02:00 | 00,000,831 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (806 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files (x86)\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.EXE (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EPSON PageSTM InboxIcon01] C:\Program Files (x86)\EPSON\ISTM3\PG\E_L20IC3.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O7 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1
O7 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O7 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1677974548-3355529863-1534200776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ukaccess.amec.com/dana-cached/sc/Ju...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O27:64bit: - HKLM IFEO\NBService.exe: Debugger - C:\Windows\SysNative\rundll32.exe ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/02/10 10:12:43 | 00,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{03cbd1cf-14d5-11de-b17f-00235407688b}\Shell - "" = AutoRun
O33 - MountPoints2\{569a0417-ab2f-11de-a3b8-00235407688b}\Shell - "" = AutoRun
O33 - MountPoints2\{569a0417-ab2f-11de-a3b8-00235407688b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\Windows\SysWow64\*.tmp files]
[10 C:\Windows\*.tmp files]
[2009/09/28 13:40:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Gogii Games
[2009/09/28 13:41:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/10/08 09:55:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/23 11:18:41 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/09/28 13:39:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2009/09/23 15:44:36 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Roaming\Big Fish Games
[2009/09/28 13:34:53 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Roaming\Coyotes Tale
[2009/09/21 14:22:23 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Roaming\Dream Aquarium
[2009/09/28 12:14:52 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Roaming\Games
[2009/09/28 13:40:28 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Roaming\Gogii Games
[2009/10/08 09:55:52 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Roaming\Malwarebytes
[2009/09/23 16:21:26 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Roaming\Tropico 3
[2009/09/27 13:31:45 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Roaming\U3
[2009/09/28 13:40:28 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Roaming\Zylom
[1 C:\Users\A User\AppData\Local\*.tmp files]
[2009/10/01 15:57:34 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Local\Risen
[2009/09/17 10:22:38 | 00,000,000 | ---D | C] -- C:\Users\A User\AppData\Local\Targem
[1 C:\Users\A User\AppData\Local\*.tmp files]
[2009/09/22 21:57:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Gibinsoft Shared
[2009/10/04 02:16:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Alpha Ball
[2009/10/01 15:38:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2009/09/16 14:07:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2009/09/22 21:57:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GiPo@Utilities
[2009/09/26 18:05:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Headup Games
[2009/09/23 16:18:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso
[2009/10/08 09:55:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/09/30 10:34:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
[2009/09/22 21:33:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2009/09/29 12:48:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009/10/04 02:16:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ReflexiveArcade
[2009/09/22 21:14:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2009/09/28 12:06:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\The Adventure Company
[2009/09/22 21:33:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2009/09/28 13:39:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Zylom Games
[2009/10/01 12:48:42 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009/09/19 10:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2009/10/13 10:40:46 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Users\A User\Desktop\OTL.exe
[2009/10/13 10:39:17 | 17,869,944 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\A User\Desktop\drweb-cureit.exe
[2009/10/08 11:46:27 | 00,000,000 | ---D | C] -- C:\Users\A User\Desktop\Michelle
[2009/10/08 09:55:47 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/10/02 19:12:35 | 00,000,000 | ---D | C] -- C:\Users\A User\Documents\Codemasters
[2009/10/01 15:53:16 | 00,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2009/10/01 12:59:44 | 00,000,000 | ---D | C] -- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
[2009/10/01 12:29:33 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2009/10/01 12:10:36 | 00,000,000 | ---D | C] -- C:\Windows\LastGood.Tmp
[2009/09/29 19:02:27 | 00,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2009/09/29 12:48:51 | 00,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32qt.exe
[2009/09/29 12:48:47 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2009/09/28 12:06:27 | 00,073,728 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\SysWow64\ISUSPM.cpl
[2009/09/26 18:09:41 | 00,000,000 | ---D | C] -- C:\Users\A User\Documents\TwinSector
[2009/09/23 18:38:33 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2009/09/22 10:22:49 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzres.dll
[2009/09/22 10:19:35 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2009/09/22 10:19:35 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2009/09/22 10:19:35 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2009/09/22 10:19:35 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2009/09/22 10:19:34 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2009/09/22 10:19:34 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2009/09/22 10:19:34 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2009/09/22 10:19:34 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2009/09/22 10:19:33 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2009/09/22 10:19:09 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2009/09/22 10:19:08 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2009/09/22 10:19:04 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kerberos.dll
[2009/09/22 10:19:03 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schannel.dll
[2009/09/22 10:19:03 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/09/22 10:19:03 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdigest.dll
[2009/09/22 10:19:03 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secur32.dll
[2009/09/22 10:18:58 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2009/09/22 10:18:58 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2009/09/22 10:18:54 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2009/09/22 10:18:52 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2009/09/22 10:18:49 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl.dll
[2009/09/22 10:18:47 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2009/09/22 10:17:53 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/09/22 10:17:53 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2009/09/22 10:17:52 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2009/09/22 10:17:52 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2009/09/22 10:17:52 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2009/09/22 10:17:51 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/09/22 10:17:51 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2009/09/22 10:17:51 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2009/09/22 10:16:23 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2009/09/22 10:16:23 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2009/09/22 10:16:23 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2009/09/18 09:14:43 | 00,000,000 | ---D | C] -- C:\Users\A User\Documents\Jobs
[2009/09/16 14:14:10 | 00,000,000 | ---D | C] -- C:\Users\A User\Documents\NFS SHIFT
[2009/09/16 14:07:24 | 00,000,000 | ---D | C] -- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
[2009/09/16 11:10:08 | 00,000,000 | ---D | C] -- C:\Trend
[2009/09/15 18:44:25 | 00,000,000 | ---D | C] -- C:\187712bbd102d87b8b
[2009/09/15 11:48:23 | 00,000,000 | ---D | C] -- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
[2009/09/14 18:02:14 | 00,000,000 | ---D | C] -- C:\Users\A User\Documents\CAPCOM
[2009/06/20 09:20:58 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\A User\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[6 C:\Windows\SysWow64\*.tmp files]
[10 C:\Windows\*.tmp files]
[1 C:\Users\A User\AppData\Local\*.tmp files]
[2009/10/13 16:49:03 | 00,000,460 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B7FD19E-B3A6-45F5-903A-95C027A3F1F1}.job
[2009/10/13 16:47:19 | 00,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/13 16:47:19 | 00,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/13 16:47:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/13 16:47:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/13 16:45:42 | 00,000,695 | ---- | M] () -- C:\Users\A User\Desktop\DrWeb.csv
[2009/10/13 16:12:42 | 00,001,460 | ---- | M] () -- C:\Users\A User\AppData\Local\d3d9caps64.dat
[2009/10/13 12:07:43 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/10/13 10:58:55 | 00,000,806 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009/10/13 10:40:46 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\A User\Desktop\OTL.exe
[2009/10/13 10:39:36 | 17,869,944 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\A User\Desktop\drweb-cureit.exe
[2009/10/11 14:09:17 | 00,004,096 | -H-- | M] () -- C:\Users\A User\AppData\Local\keyfile3.drm
[2009/10/11 12:36:25 | 00,000,159 | ---- | M] () -- C:\Windows\DMM.INI
[2009/10/09 17:38:50 | 00,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/09 17:38:50 | 00,602,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:FF249DBDE674F77C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:ECF54A0E
< End of report >


EXTRAS.txt was not produced by the scan.

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 13 October 2009 - 01:09 PM

The log's looking good. How is the PC doing now?

Can you run two more things for me.

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

Then close Firefox and then reopen it.


Then

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks :(
m0le is a proud member of UNITE

#14 Marti-S

Marti-S
  • Topic Starter

  • Members
  • 17 posts
  • Location:North East (rural) England

Posted 14 October 2009 - 11:05 AM

m0le

Ran ATF and ESET as requested.

ESET had nothing to report - 0 threats found.

I still have the original problem though. After loading Windows, the first time I try to right-click, whether on the desktop or within Explorer, Explorer freezes and I have to CTRL/ALT/DEL to terminate and restart the software.

Regardless of whether you can help me with this, I'd like to thank you for your help in discovering the threats I didn't realise were hidden on my PC.

M

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 14 October 2009 - 01:24 PM

Yes, it may be non-malware related, but with the malware that was there without your knowledge it may not be that simple.

We can take a look at the processes that are running and see if there's anything there. :(

On booting the PC run the following program. Instructions below:

Please download and run Process Explorer

If Process Explorer won't execute, rename it Iexplore.exe.

Under File and Save As, create a log and copy and paste it into your next reply.
m0le is a proud member of UNITE
