Google searches get redirected to unknown sites


  • This topic is locked
15 replies to this topic

#1 ShinRock

ShinRock

  • Members
  • 9 posts

Posted 07 April 2010 - 09:52 PM

Hello

Over the last 12 hours my browser gets redirected on searches using Google, and random web page windows have popped up out of nowhere.

Tried to run gmer and DDR - no luck, I get a command screen for a second and it ends with an unknown error.

Tried various online and offline virus scanners, Spybot and Hitman Pro. Also noticed my taskmgr.exe is missing.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47:54, on 08/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 89.149.249.198 www.google.com
O1 - Hosts: 89.149.249.198 www.google.de
O1 - Hosts: 89.149.249.198 www.google.fr
O1 - Hosts: 89.149.249.198 www.google.co.uk
O1 - Hosts: 89.149.249.198 www.google.com.br
O1 - Hosts: 89.149.249.198 www.google.it
O1 - Hosts: 89.149.249.198 www.google.es
O1 - Hosts: 89.149.249.198 www.google.co.jp
O1 - Hosts: 89.149.249.198 www.google.com.mx
O1 - Hosts: 89.149.249.198 www.google.ca
O1 - Hosts: 89.149.249.198 www.google.com.au
O1 - Hosts: 89.149.249.198 www.google.nl
O1 - Hosts: 89.149.249.198 www.google.co.za
O1 - Hosts: 89.149.249.198 www.google.be
O1 - Hosts: 89.149.249.198 www.google.gr
O1 - Hosts: 89.149.249.198 www.google.at
O1 - Hosts: 89.149.249.198 www.google.se
O1 - Hosts: 89.149.249.198 www.google.ch
O1 - Hosts: 89.149.249.198 www.google.pt
O1 - Hosts: 89.149.249.198 www.google.dk
O1 - Hosts: 89.149.249.198 www.google.fi
O1 - Hosts: 89.149.249.198 www.google.ie
O1 - Hosts: 89.149.249.198 www.google.no
O1 - Hosts: 89.149.249.198 www.google.ru
O1 - Hosts: 89.149.249.198 www.google.ua
O1 - Hosts: 89.149.249.198 www.google.pl
O1 - Hosts: 89.149.249.198 www.google.ro
O1 - Hosts: 89.149.249.198 www.google.co.nz
O1 - Hosts: 89.149.249.198 www.google.in
O1 - Hosts: 89.149.249.198 www.google.th
O1 - Hosts: 89.149.249.198 www.google.tr
O1 - Hosts: 89.149.249.198 www.google.hu
O1 - Hosts: 89.149.249.198 www.google.cr
O1 - Hosts: 89.149.249.198 www.google.lv
O1 - Hosts: 89.149.249.198 www.google.lt
O1 - Hosts: 89.149.249.198 www.google.bg
O1 - Hosts: 89.149.249.198 www.google.be
O1 - Hosts: 89.149.249.198 www.google.vn
O1 - Hosts: 89.149.249.198 www.google.ve
O1 - Hosts: 89.149.249.198 www.google.sw
O1 - Hosts: 89.149.249.198 search.yahoo.com
O1 - Hosts: 89.149.249.198 us.search.yahoo.com
O1 - Hosts: 89.149.249.198 uk.search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Program Files\AnVir Task Manager Free\AnVir.exe" Minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\iotl.tmp\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\iotl.tmp\svchost.exe (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resou...NPUplden-gb.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: gport_ - C:\Windows\
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: gearsec - GEAR Software - C:\Windows\system32\gearsec.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 8322 bytes




Many thanks if anyone can help me please

Rocku

Edited by ShinRock, 08 April 2010 - 07:04 AM.



#2 ShinRock

ShinRock
  • Topic Starter

  • Members
  • 9 posts

Posted 08 April 2010 - 07:03 AM

OK, it seems that with some tinkering and some file importing, namely the stuff that magically disappeared from system32, I've got GMER and DSS running.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-08 14:50:08
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Jayrei\AppData\Local\Temp\pxryipoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E04FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1D1A8

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86883AC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERNestedWindowLimit 50
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ mnmsrvc
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 0

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----







DDS (Ver_10-03-17.01) - NTFSx86
Run by Jayrei at 15:59:21.50 on 08/04/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3326.2345 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\libusbd-nt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jayrei\Desktop\tryddsgen.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AnVir Task Manager Free] "c:\program files\anvir task manager free\AnVir.exe" Minimized
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [cbssreg] c:\windows\temp\iotl.tmp\svchost.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
Trusted Zone: com.tw\www.msi
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-gb.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 89.149.249.198 www.google.com
Hosts: 89.149.249.198 www.google.de
Hosts: 89.149.249.198 www.google.fr
Hosts: 89.149.249.198 www.google.co.uk
Hosts: 89.149.249.198 www.google.com.br

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-29 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-13 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-13 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-13 267432]


Edited by ShinRock, 08 April 2010 - 10:12 AM.
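The three items in the logs above that a helper would triage first are the hosts entries pointing Google and Yahoo hostnames at one outside address, the [cbssreg] Run value under the SYSTEM and Default user hives that starts an svchost.exe from C:\Windows\TEMP, and the mPolicies-system values showing UAC switched off. As an added example, not part of this thread or of HijackThis/DDS, this Python script parses lines in those two log formats and flags exactly those three things; the sample lines are copied from the logs above, and the heuristics (temp-directory autoruns, system binary names outside System32, the weak policy values) are the example's own assumptions.

```python
"""Triage helper for HijackThis / DDS log lines (added example; the heuristics
are the example author's own, see the comments on each check)."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the HijackThis (O1/O4) and DDS
# (mPolicies-system) logs posted above, not the complete logs.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 89.149.249.198 www.google.com
O1 - Hosts: 89.149.249.198 www.google.co.uk
O1 - Hosts: 89.149.249.198 search.yahoo.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\iotl.tmp\svchost.exe (User 'SYSTEM')
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
"""

# "O1 - Hosts: <addr> <name>" (HijackThis) or "Hosts: <addr> <name>" (DDS).
HOSTS_RE = re.compile(r"^(?:O1 - )?Hosts:\s+(\S+)\s+(\S+)")
# "O4 - <hive>\..\Run: [<name>] <command line>"; the hive may be HKUS\<SID>.
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?:Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "mPolicies-system: <name> = <decimal> (<hex>)"
POLICY_RE = re.compile(r"^mPolicies-system: (?P<name>\w+) = (?P<value>\d+)")

# Setting -> (value that weakens it, what that value means).
WEAK_POLICIES = {
    "EnableLUA": (0, "UAC disabled (EnableLUA = 0)"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "UAC prompts not shown on the secure desktop"),
}
# Binaries that live in System32; the same name elsewhere deserves a look.
SYSTEM_IMAGE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


@dataclass(frozen=True)
class Finding:
    kind: str  # "hosts_hijack", "autorun" or "policy"
    detail: str


def is_loopback_target(addr: str) -> bool:
    """True for 127.x, ::1 and 0.0.0.0, the only targets a clean hosts file needs."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def image_path(cmd: str) -> str:
    """Extract the executable path from a Run value, quoted or bare."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def autorun_reason(path: str) -> Optional[str]:
    """Why an autorun image path deserves attention, or None if it looks ordinary."""
    p = path.lower().replace("/", "\\")
    name = p.rsplit("\\", 1)[-1]
    if "\\temp\\" in p or "\\tmp\\" in p:
        return "runs from a temporary directory"
    if name in SYSTEM_IMAGE_NAMES and "\\windows\\system32\\" not in p:
        return "system binary name outside System32"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan log lines; hosts redirects are grouped per target address."""
    findings: List[Finding] = []
    redirects: Dict[str, List[str]] = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            addr, host = m.groups()
            if not is_loopback_target(addr):
                redirects[addr].append(host)
        elif m := RUN_RE.match(line):
            path = image_path(m.group("cmd"))
            if reason := autorun_reason(path):
                findings.append(Finding("autorun", f"[{m.group('name')}] {path}: {reason}"))
        elif (m := POLICY_RE.match(line)) and m.group("name") in WEAK_POLICIES:
            weak_value, meaning = WEAK_POLICIES[m.group("name")]
            if int(m.group("value")) == weak_value:
                findings.append(Finding("policy", meaning))
    for addr, hosts in redirects.items():
        findings.append(Finding("hosts_hijack", f"{len(hosts)} host(s) mapped to {addr}: {', '.join(hosts)}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:13} {finding.detail}")
```

Pasting a full HijackThis or DDS log into `triage` is enough; the DDS "Hosts:" form is matched by the same pattern, and 127.0.0.1 ad-blocking entries are left alone.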


#3 snemelk

snemelk

    Engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 11 April 2010 - 12:40 PM

Hi ShinRock, and welcome to Bleeping Computer.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#4 ShinRock

ShinRock
  • Topic Starter

  • Members
  • 9 posts

Posted 11 April 2010 - 01:05 PM

OK, here it is...


ComboFix 10-04-10.02 - Jayrei 11/04/2010 18:48:02.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3326.2163 [GMT 1:00]
Running from: c:\users\Jayrei\Desktop\rename.exe
.

((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-09 23:27 . 2010-04-09 23:27 -------- d-----w- c:\users\Jayrei\AppData\Local\TVersity
2010-04-09 21:06 . 2010-04-09 21:06 -------- d-----w- c:\users\Jayrei\AppData\Local\Ahead
2010-04-09 21:06 . 2010-04-09 21:06 -------- d-----w- c:\users\Jayrei\AppData\Local\ACD Systems
2010-04-09 19:00 . 2010-04-10 14:27 -------- d-----w- c:\users\Jayrei\AppData\Local\Adobe
2010-04-09 16:20 . 2010-04-09 16:20 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Malwarebytes
2010-04-09 16:20 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 16:19 . 2010-04-11 10:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 16:19 . 2010-04-09 16:19 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 16:19 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 14:30 . 2010-04-09 14:30 -------- d-----w- c:\program files\Common Files\Java
2010-04-09 14:18 . 2010-04-09 14:18 -------- d-----w- c:\users\Jayrei\AppData\Local\AnVir
2010-04-09 12:21 . 2010-04-09 12:21 -------- d-----w- c:\users\Jayrei\AppData\Local\Innovative Solutions
2010-04-09 01:06 . 2010-04-09 01:06 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-08 20:50 . 2010-04-09 00:59 -------- d-sh--w- c:\users\Jayrei\AppData\Roaming\lowsec
2010-04-08 14:56 . 2009-07-14 01:14 10752 ----a-w- c:\windows\system32\verclsid.exe
2010-04-08 14:56 . 2009-07-14 01:14 227328 ----a-w- c:\windows\system32\taskmgr.exe
2010-04-08 14:56 . 2009-07-14 01:14 301568 ----a-w- c:\windows\system32\cmd.exe
2010-04-08 01:24 . 2010-04-09 13:46 -------- d-----w- C:\HJThis
2010-04-07 22:00 . 2010-04-08 02:00 -------- d-----w- c:\program files\AnVir Task Manager Free
2010-04-07 21:19 . 2010-04-09 10:33 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-07 21:18 . 2010-04-09 01:06 -------- d-----w- c:\programdata\Hitman Pro
2010-04-07 21:18 . 2010-04-07 21:18 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-06 12:54 . 2010-04-07 14:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-04-06 12:19 . 2010-04-06 12:19 -------- d-----w- c:\program files\iPod
2010-04-06 12:19 . 2010-04-06 12:19 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-06 12:18 . 2010-04-07 22:21 -------- d-----w- c:\program files\QuickTime
2010-04-06 12:16 . 2010-04-06 12:16 -------- d-----w- c:\program files\Bonjour
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-31 18:02 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-29 13:42 . 2010-04-08 19:01 -------- d-----w- c:\users\Original.Sin.2001.720p.BluRay.x264.REPACK-THUGLiNE
2010-03-29 13:42 . 2010-04-02 19:44 -------- d-----w- c:\users\Original.Sin.2001.720p.BluRay.x264.REPACK-THUGLiNE\Subs
2010-03-29 13:42 . 2010-04-02 19:44 -------- d-----w- c:\users\Original.Sin.2001.720p.BluRay.x264.REPACK-THUGLiNE\Cover
2010-03-28 01:12 . 2010-03-28 01:12 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Avira
2010-03-27 18:35 . 2009-05-11 11:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-27 18:35 . 2009-05-11 11:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-20 18:16 . 2010-03-20 18:13 141988 ----a-w- c:\windows\system32\perfi011.dat
2010-03-20 18:16 . 2010-04-11 10:42 417858 ----a-w- c:\windows\system32\perfh011.dat
2010-03-20 18:16 . 2010-04-11 10:42 119098 ----a-w- c:\windows\system32\perfc011.dat
2010-03-20 18:16 . 2010-03-20 18:13 31548 ----a-w- c:\windows\system32\perfd011.dat
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\ja-JP
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\system32\ja
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\system32\0411
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\system32\drivers\ja-JP
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\system32\wbem\ja-JP
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\ja-JP
2010-03-20 18:08 . 2009-07-13 18:16 266240 ----a-w- c:\windows\system32\lzhfldr2.dll
2010-03-20 17:00 . 2010-04-08 19:01 -------- d-----w- c:\users\The.Princess.and.the.Frog
2010-03-18 15:28 . 2010-03-18 15:28 -------- d-----w- c:\users\Jayrei\AppData\Local\Aspyr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 17:49 . 2008-12-18 21:48 -------- d-----w- c:\users\Jayrei\AppData\Roaming\DNA
2010-04-11 17:48 . 2007-11-13 23:35 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Azureus
2010-04-11 10:38 . 2008-12-18 21:48 -------- d-----w- c:\program files\DNA
2010-04-10 12:33 . 2009-04-19 21:34 7282688 ----a-w- c:\users\Jayrei\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-04-10 12:33 . 2009-04-19 21:34 4141117 ----a-w- c:\users\Jayrei\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-04-10 12:31 . 2007-11-13 23:35 -------- d-----w- c:\program files\Azureus
2010-04-09 14:29 . 2008-12-16 17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-09 14:18 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-09 14:16 . 2007-09-09 13:47 -------- d-----w- c:\program files\Java
2010-04-09 12:02 . 2007-06-26 16:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-08 14:52 . 2007-07-08 11:19 -------- d-----w- c:\program files\7-Zip
2010-04-08 12:40 . 2008-06-20 11:04 -------- d-----w- c:\program files\Hide The IP
2010-04-07 22:21 . 2009-07-13 23:11 12368 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-07 22:21 . 2007-08-03 12:37 -------- d-----w- c:\programdata\NVIDIA
2010-04-07 22:21 . 2007-07-28 18:54 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Winamp
2010-04-07 22:21 . 2010-02-02 13:50 -------- d-----w- c:\program files\iTunes
2010-04-07 22:21 . 2007-06-26 16:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 22:21 . 2007-06-26 00:09 -------- d-----w- c:\program files\CCleaner
2010-04-07 20:44 . 2009-09-28 23:29 -------- dc-h--w- c:\programdata\~0
2010-04-07 20:44 . 2008-12-21 12:08 -------- d-----w- c:\programdata\Lavasoft
2010-04-07 20:44 . 2007-06-26 18:14 -------- d-----w- c:\program files\Lavasoft
2010-04-07 20:16 . 2009-07-11 22:00 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-04-07 20:16 . 2009-07-11 22:00 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-04-06 13:08 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-04-06 12:19 . 2007-06-30 13:24 -------- d-----w- c:\program files\Common Files\Apple
2010-03-20 18:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-03-20 18:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-03-20 18:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-03-20 18:14 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-03-20 18:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-03-20 18:13 . 2010-03-20 18:14 31548 ----a-w- c:\windows\inf\PERFLIB\0411\perfd.dat
2010-03-20 18:13 . 2010-03-20 18:14 31548 ----a-w- c:\windows\inf\PERFLIB\0411\perfc.dat
2010-03-20 18:13 . 2010-03-20 18:14 141988 ----a-w- c:\windows\inf\PERFLIB\0411\perfi.dat
2010-03-20 18:13 . 2010-03-20 18:14 141988 ----a-w- c:\windows\inf\PERFLIB\0411\perfh.dat
2010-03-12 17:00 . 2010-03-12 17:00 -------- d-----w- c:\program files\Unigine
2010-03-01 09:05 . 2009-06-13 22:46 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-28 16:53 . 2007-06-27 21:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-28 16:41 . 2010-02-28 16:41 10134 ----a-r- c:\users\Jayrei\AppData\Roaming\Microsoft\Installer\{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}\ARPPRODUCTICON.exe
2010-02-24 10:47 . 2007-06-27 00:48 -------- d-----w- c:\program files\Zoom Player
2010-02-24 10:16 . 2009-10-03 01:03 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 20:07 . 2007-08-23 17:30 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-17 15:42 . 2007-06-26 00:20 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Apple Computer
2010-02-16 13:24 . 2009-06-13 22:46 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-14 22:09 . 2007-06-25 21:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-14 01:55 . 2010-02-11 11:52 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Bioshock2
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 11:50 . 2010-02-11 11:50 -------- d-sh--w- c:\programdata\SecuROM
2010-02-11 07:10 . 2010-02-28 16:55 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-10 18:27 . 2010-02-10 09:30 -------- d-----w- c:\programdata\NOS
2010-02-02 07:45 . 2010-02-24 08:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-26 13:42 . 2009-11-01 19:29 66544 ----a-w- c:\users\Jayrei\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-18 23:29 . 2010-02-10 09:07 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 09:07 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 09:07 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 09:07 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 09:07 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 09:07 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 09:07 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 09:07 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-11 22:18 . 2010-01-11 22:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-11 22:18 . 2010-01-11 22:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 22:18 . 2010-01-11 22:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-11 22:18 . 2010-01-11 22:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-08_18.59.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-03 12:04 . 2010-04-10 16:44 29608 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-04-11 10:40 45008 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-04-08 23:28 . 2010-04-08 14:27 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2010-04-08 23:28 . 2010-04-09 22:12 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2009-11-01 18:35 . 2010-04-11 10:41 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2010-04-11 10:41 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-09 12:17 . 2010-04-09 11:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2009-11-01 19:28 . 2010-04-08 14:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-01 19:28 . 2010-04-11 10:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-04-09 10:40 74112 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-11-01 19:28 . 2010-04-11 10:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-01 19:28 . 2010-04-08 14:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-01 19:28 . 2010-04-11 10:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-01 19:28 . 2010-04-08 14:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 19:44 . 2010-04-11 10:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-01 19:44 . 2010-04-08 14:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-01 21:01 . 2010-04-11 17:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-01 21:01 . 2010-04-08 18:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-01 21:01 . 2010-04-08 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-11-01 21:01 . 2010-04-11 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-11-01 21:01 . 2010-04-11 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-01 21:01 . 2010-04-08 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-01 19:44 . 2010-04-08 18:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-01 19:44 . 2010-04-11 17:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-01 19:44 . 2010-04-08 14:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 19:44 . 2010-04-11 10:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 19:43 . 2010-04-11 10:40 9042 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-447412767-1499392065-3629256067-1000_UserData.bin
+ 2010-04-10 16:41 . 2010-04-11 10:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-08 14:34 . 2010-04-08 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-10 16:41 . 2010-04-11 10:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-08 14:34 . 2010-04-08 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-04-11 10:42 619206 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-04-11 10:42 107388 c:\windows\System32\perfc009.dat
+ 2010-04-09 14:29 . 2010-04-09 14:29 153376 c:\windows\System32\javaws.exe
- 2009-08-29 19:57 . 2009-07-25 04:23 145184 c:\windows\System32\javaw.exe
+ 2010-04-09 14:29 . 2010-04-09 14:29 145184 c:\windows\System32\javaw.exe
+ 2010-04-09 14:29 . 2010-04-09 14:29 145184 c:\windows\System32\java.exe
- 2009-08-29 19:57 . 2009-07-25 04:23 145184 c:\windows\System32\java.exe
+ 2009-07-14 04:33 . 2010-04-09 00:58 296472 c:\windows\System32\FNTCACHE.DAT
+ 2009-11-01 18:35 . 2010-04-11 10:41 638976 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-09 14:30 . 2010-04-09 14:30 183808 c:\windows\Installer\a5975.msi
+ 2010-04-09 14:28 . 2010-04-09 14:28 581120 c:\windows\Installer\a596d.msi
- 2009-07-14 02:03 . 2010-04-08 15:50 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-04-11 12:14 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 04:34 . 2010-04-01 10:35 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2010-04-09 01:27 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 07:18 . 2010-04-09 11:39 79621705 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"AnVir Task Manager Free"="c:\program files\AnVir Task Manager Free\AnVir.exe" [2010-04-02 1733856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-09-19 685816]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
R3 gearsec;gearsec;c:\windows\system32\gearsec.exe [2005-11-30 58952]
R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 135664]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]

.
Contents of the 'Scheduled Tasks' folder

2010-03-01 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-02-28 07:10]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 21:07]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: com.tw\www.msi
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86881AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x70436d4d
SecurityProcedure -> 0x62005c
QueryNameProcedure -> 0x62006c
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.amr"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.apd"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bwf"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cdda"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gsm"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ico"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m15"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m1a"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m2a"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m4b"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m4p"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m75"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mpv"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pics"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.qcp"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.qtpf"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rwl"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sfil"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sml"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.swa"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TGA\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ulw"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.vfw"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-447412767-1499392065-3629256067-1000)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,9c,3e,9a,68,f2,a5,8f,34,fc,6f,01,b6,6a,63,aa,27,2a,1e,93,0d,
a9,63,9e,33,99,4e,4d,d8,ee,eb,d8,13,8b,9e,86,7b,9e,47,fd,67,30,62,9c,56,77,\
"rkeysecu"=hex:fa,79,42,c7,8e,68,ba,d4,44,ec,7a,f0,1d,15,25,bf

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-04-11 19:00:02
ComboFix-quarantined-files.txt 2010-04-11 18:00
ComboFix2.txt 2010-04-09 15:06
ComboFix3.txt 2010-04-08 19:01

Pre-Run: 89,831,198,720 bytes free
Post-Run: 89,846,087,680 bytes free

- - End Of File - - A13633E0555841BEE09EB2B3122D4061


#5 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • ONLINE
  • Gender:Male
  • Location:Poland
  • Local time:10:13 PM

Posted 11 April 2010 - 02:08 PM

Hi again ShinRock!..

Ok, two problems... Firstly, the CD emulation software's drivers have not been disabled - that makes the output pretty strange... Please follow the instructions in the Preparation Guide and disable your CD emulation software with DeFogger... Afterwards, perform a fresh scan with ComboFix...

Secondly, you ran ComboFix on your own... I hope you're not getting help elsewhere??..
Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


I need to see previous ComboFix logs... Attach ComboFix2.txt and ComboFix3.txt files to your next post (they'll be in a folder: c:\Qoobox\)...
Then I'll be able to give you further instructions...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#6 ShinRock

ShinRock
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:13 PM

Posted 11 April 2010 - 06:48 PM

Hi, no, I have not been getting help anywhere else - I've just had problems getting gmer, dds and combofix to run, so that's why there are previous logs. Yes, I turned off antivirus and disabled DVD emulation via Defogger. Also attached combo logs 2 and 3.
NOTE: During combofix my system crashed; I rebooted and all was fine, so I ran combofix again and all went fine.


ComboFix 10-04-10.02 - Jayrei 12/04/2010 0:27.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3326.2409 [GMT 1:00]
Running from: c:\users\Jayrei\Desktop\rename.exe
.

((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-09 23:27 . 2010-04-09 23:27 -------- d-----w- c:\users\Jayrei\AppData\Local\TVersity
2010-04-09 21:06 . 2010-04-09 21:06 -------- d-----w- c:\users\Jayrei\AppData\Local\Ahead
2010-04-09 21:06 . 2010-04-09 21:06 -------- d-----w- c:\users\Jayrei\AppData\Local\ACD Systems
2010-04-09 19:00 . 2010-04-10 14:27 -------- d-----w- c:\users\Jayrei\AppData\Local\Adobe
2010-04-09 16:20 . 2010-04-09 16:20 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Malwarebytes
2010-04-09 16:20 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 16:19 . 2010-04-11 10:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 16:19 . 2010-04-09 16:19 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 16:19 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 14:30 . 2010-04-09 14:30 -------- d-----w- c:\program files\Common Files\Java
2010-04-09 14:18 . 2010-04-09 14:18 -------- d-----w- c:\users\Jayrei\AppData\Local\AnVir
2010-04-09 12:21 . 2010-04-09 12:21 -------- d-----w- c:\users\Jayrei\AppData\Local\Innovative Solutions
2010-04-09 01:06 . 2010-04-09 01:06 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-08 20:50 . 2010-04-09 00:59 -------- d-sh--w- c:\users\Jayrei\AppData\Roaming\lowsec
2010-04-08 14:56 . 2009-07-14 01:14 10752 ----a-w- c:\windows\system32\verclsid.exe
2010-04-08 14:56 . 2009-07-14 01:14 227328 ----a-w- c:\windows\system32\taskmgr.exe
2010-04-08 14:56 . 2009-07-14 01:14 301568 ----a-w- c:\windows\system32\cmd.exe
2010-04-08 01:24 . 2010-04-09 13:46 -------- d-----w- C:\HJThis
2010-04-07 22:00 . 2010-04-08 02:00 -------- d-----w- c:\program files\AnVir Task Manager Free
2010-04-07 21:19 . 2010-04-09 10:33 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-07 21:18 . 2010-04-09 01:06 -------- d-----w- c:\programdata\Hitman Pro
2010-04-07 21:18 . 2010-04-07 21:18 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-06 12:54 . 2010-04-07 14:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-04-06 12:19 . 2010-04-06 12:19 -------- d-----w- c:\program files\iPod
2010-04-06 12:19 . 2010-04-06 12:19 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-06 12:18 . 2010-04-07 22:21 -------- d-----w- c:\program files\QuickTime
2010-04-06 12:16 . 2010-04-06 12:16 -------- d-----w- c:\program files\Bonjour
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-06 12:15 . 2010-04-06 12:15 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-31 18:02 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-29 13:42 . 2010-04-08 19:01 -------- d-----w- c:\users\Original.Sin.2001.720p.BluRay.x264.REPACK-THUGLiNE
2010-03-29 13:42 . 2010-04-02 19:44 -------- d-----w- c:\users\Original.Sin.2001.720p.BluRay.x264.REPACK-THUGLiNE\Subs
2010-03-29 13:42 . 2010-04-02 19:44 -------- d-----w- c:\users\Original.Sin.2001.720p.BluRay.x264.REPACK-THUGLiNE\Cover
2010-03-28 01:12 . 2010-03-28 01:12 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Avira
2010-03-27 18:35 . 2009-05-11 11:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-27 18:35 . 2009-05-11 11:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-20 18:16 . 2010-03-20 18:13 141988 ----a-w- c:\windows\system32\perfi011.dat
2010-03-20 18:16 . 2010-04-11 23:30 417858 ----a-w- c:\windows\system32\perfh011.dat
2010-03-20 18:16 . 2010-04-11 23:30 119098 ----a-w- c:\windows\system32\perfc011.dat
2010-03-20 18:16 . 2010-03-20 18:13 31548 ----a-w- c:\windows\system32\perfd011.dat
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\ja-JP
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\system32\ja
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\system32\0411
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\system32\drivers\ja-JP
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\system32\wbem\ja-JP
2010-03-20 18:14 . 2010-03-20 18:14 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\ja-JP
2010-03-20 18:08 . 2009-07-13 18:16 266240 ----a-w- c:\windows\system32\lzhfldr2.dll
2010-03-20 17:00 . 2010-04-08 19:01 -------- d-----w- c:\users\The.Princess.and.the.Frog
2010-03-18 15:28 . 2010-03-18 15:28 -------- d-----w- c:\users\Jayrei\AppData\Local\Aspyr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 23:33 . 2008-12-18 21:48 -------- d-----w- c:\users\Jayrei\AppData\Roaming\DNA
2010-04-11 23:23 . 2008-12-18 21:48 -------- d-----w- c:\program files\DNA
2010-04-11 23:06 . 2007-11-13 23:35 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Azureus
2010-04-10 12:33 . 2009-04-19 21:34 7282688 ----a-w- c:\users\Jayrei\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-04-10 12:33 . 2009-04-19 21:34 4141117 ----a-w- c:\users\Jayrei\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-04-10 12:31 . 2007-11-13 23:35 -------- d-----w- c:\program files\Azureus
2010-04-09 14:29 . 2008-12-16 17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-09 14:18 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-09 14:16 . 2007-09-09 13:47 -------- d-----w- c:\program files\Java
2010-04-09 12:02 . 2007-06-26 16:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-08 14:52 . 2007-07-08 11:19 -------- d-----w- c:\program files\7-Zip
2010-04-08 12:40 . 2008-06-20 11:04 -------- d-----w- c:\program files\Hide The IP
2010-04-07 22:21 . 2009-07-13 23:11 12368 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-07 22:21 . 2007-08-03 12:37 -------- d-----w- c:\programdata\NVIDIA
2010-04-07 22:21 . 2007-07-28 18:54 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Winamp
2010-04-07 22:21 . 2010-02-02 13:50 -------- d-----w- c:\program files\iTunes
2010-04-07 22:21 . 2007-06-26 16:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-07 22:21 . 2007-06-26 00:09 -------- d-----w- c:\program files\CCleaner
2010-04-07 20:44 . 2009-09-28 23:29 -------- dc-h--w- c:\programdata\~0
2010-04-07 20:44 . 2008-12-21 12:08 -------- d-----w- c:\programdata\Lavasoft
2010-04-07 20:44 . 2007-06-26 18:14 -------- d-----w- c:\program files\Lavasoft
2010-04-07 20:16 . 2009-07-11 22:00 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-04-07 20:16 . 2009-07-11 22:00 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-04-06 13:08 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-04-06 12:19 . 2007-06-30 13:24 -------- d-----w- c:\program files\Common Files\Apple
2010-03-20 18:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-03-20 18:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-03-20 18:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-03-20 18:14 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-03-20 18:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-03-20 18:13 . 2010-03-20 18:14 31548 ----a-w- c:\windows\inf\PERFLIB\0411\perfd.dat
2010-03-20 18:13 . 2010-03-20 18:14 31548 ----a-w- c:\windows\inf\PERFLIB\0411\perfc.dat
2010-03-20 18:13 . 2010-03-20 18:14 141988 ----a-w- c:\windows\inf\PERFLIB\0411\perfi.dat
2010-03-20 18:13 . 2010-03-20 18:14 141988 ----a-w- c:\windows\inf\PERFLIB\0411\perfh.dat
2010-03-12 17:00 . 2010-03-12 17:00 -------- d-----w- c:\program files\Unigine
2010-03-01 09:05 . 2009-06-13 22:46 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-28 16:53 . 2007-06-27 21:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-28 16:41 . 2010-02-28 16:41 10134 ----a-r- c:\users\Jayrei\AppData\Roaming\Microsoft\Installer\{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}\ARPPRODUCTICON.exe
2010-02-24 10:47 . 2007-06-27 00:48 -------- d-----w- c:\program files\Zoom Player
2010-02-24 10:16 . 2009-10-03 01:03 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 20:07 . 2007-08-23 17:30 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-17 15:42 . 2007-06-26 00:20 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Apple Computer
2010-02-16 13:24 . 2009-06-13 22:46 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-14 22:09 . 2007-06-25 21:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-14 01:55 . 2010-02-11 11:52 -------- d-----w- c:\users\Jayrei\AppData\Roaming\Bioshock2
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 11:50 . 2010-02-11 11:50 -------- d-sh--w- c:\programdata\SecuROM
2010-02-11 07:10 . 2010-02-28 16:55 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-02 07:45 . 2010-02-24 08:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-26 13:42 . 2009-11-01 19:29 66544 ----a-w- c:\users\Jayrei\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-18 23:29 . 2010-02-10 09:07 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 09:07 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 09:07 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 09:07 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 09:07 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 09:07 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 09:07 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 09:07 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-08_18.59.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-03 12:04 . 2010-04-11 23:25 29760 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-04-11 23:25 45276 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-04-08 23:28 . 2010-04-08 14:27 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2010-04-08 23:28 . 2010-04-09 22:12 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat
+ 2009-11-01 18:35 . 2010-04-11 23:23 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2010-04-11 23:23 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-09 12:17 . 2010-04-09 11:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2009-11-01 19:28 . 2010-04-08 14:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-01 19:28 . 2010-04-11 23:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-04-09 10:40 74112 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-11-01 19:28 . 2010-04-11 23:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-01 19:28 . 2010-04-08 14:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-01 19:28 . 2010-04-11 23:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-01 19:28 . 2010-04-08 14:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 19:44 . 2010-04-11 23:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-01 19:44 . 2010-04-08 14:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-01 21:01 . 2010-04-11 23:23 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-01 21:01 . 2010-04-08 18:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-01 21:01 . 2010-04-08 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-11-01 21:01 . 2010-04-11 23:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-11-01 21:01 . 2010-04-11 23:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-01 21:01 . 2010-04-08 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-01 19:44 . 2010-04-08 18:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-01 19:44 . 2010-04-11 23:23 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-01 19:44 . 2010-04-08 14:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 19:44 . 2010-04-11 23:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 19:43 . 2010-04-11 23:25 9042 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-447412767-1499392065-3629256067-1000_UserData.bin
+ 2010-04-11 23:23 . 2010-04-11 23:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-08 14:34 . 2010-04-08 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-11 23:23 . 2010-04-11 23:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-08 14:34 . 2010-04-08 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-04-11 23:30 619206 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-04-11 23:30 107388 c:\windows\System32\perfc009.dat
+ 2010-04-09 14:29 . 2010-04-09 14:29 153376 c:\windows\System32\javaws.exe
- 2009-08-29 19:57 . 2009-07-25 04:23 145184 c:\windows\System32\javaw.exe
+ 2010-04-09 14:29 . 2010-04-09 14:29 145184 c:\windows\System32\javaw.exe
+ 2010-04-09 14:29 . 2010-04-09 14:29 145184 c:\windows\System32\java.exe
- 2009-08-29 19:57 . 2009-07-25 04:23 145184 c:\windows\System32\java.exe
+ 2009-07-14 04:33 . 2010-04-09 00:58 296472 c:\windows\System32\FNTCACHE.DAT
+ 2009-11-01 18:35 . 2010-04-11 23:23 638976 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-09 14:30 . 2010-04-09 14:30 183808 c:\windows\Installer\a5975.msi
+ 2010-04-09 14:28 . 2010-04-09 14:28 581120 c:\windows\Installer\a596d.msi
- 2009-07-14 02:03 . 2010-04-08 15:50 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-04-11 12:14 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 04:34 . 2010-04-01 10:35 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2010-04-09 01:27 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 07:18 . 2010-04-09 11:39 79621705 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"AnVir Task Manager Free"="c:\program files\AnVir Task Manager Free\AnVir.exe" [2010-04-02 1733856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
R3 gearsec;gearsec;c:\windows\system32\gearsec.exe [2005-11-30 58952]
R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 135664]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-09-19 685816]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]

.
Contents of the 'Scheduled Tasks' folder

2010-03-01 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-02-28 07:10]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 21:07]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: com.tw\www.msi
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86683AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x6e66744e
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-447412767-1499392065-3629256067-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

.
Completion time: 2010-04-12 00:43:28
ComboFix-quarantined-files.txt 2010-04-11 23:43
ComboFix2.txt 2010-04-11 18:00
ComboFix3.txt 2010-04-09 15:06
ComboFix4.txt 2010-04-08 19:01

Pre-Run: 89,895,620,608 bytes free
Post-Run: 89,610,215,424 bytes free

- - End Of File - - 50E63D70E6641651E0310A45BD971E7A

Edited by ShinRock, 12 April 2010 - 08:38 AM.


#7 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • ONLINE
  • Gender:Male
  • Location:Poland
  • Local time:10:13 PM

Posted 12 April 2010 - 10:52 AM

Hi again ShinRock! :)

The logfile is still not as informative as I'd like it to be (either the computer is still infected or it's still CD-emulator interference)...

Please do the following:
Firstly,
* Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
* Execute the file TDSSKiller.exe by double-clicking on it.
* Wait for the scan and disinfection process to be over.
* When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs its runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Secondly (afterwards),
Please re-run Gmer:
Open the program - you should see the Rootkit / Malware tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Important: Close any open programs/windows!
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
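As an added example (not part of either post, and not Kaspersky's code), a small Python parser for the TDSSKiller log format snemelk asks ShinRock to post: it pulls out the system info block, each scanned driver's IRP dispatch addresses and verdict, and the infected/cured counters, so a helper can triage the log rather than read it by eye. The sample log is constructed inline in that format, and the verdict code is stored as logged because the log itself does not define it.

```python
"""Parse the TDSSKiller 2.2.x text log format (added example, not Kaspersky's code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format seen in the thread (shortened; not the real log).
SAMPLE_LOG = """\
17:55:28:506 1740 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
17:55:28:507 1740 ================================================================================
17:55:28:507 1740 SystemInfo:

17:55:28:507 1740 OS Version: 6.1.7600 ServicePack: 0.0
17:55:28:507 1740 Product type: Workstation
17:55:28:509 1740 ================================================================================
17:55:33:881 1740 Devices to scan: 2
17:55:33:881 1740 Driver Name: atapi
17:55:33:881 1740 IRP_MJ_CREATE : 8BFD28C4
17:55:33:881 1740 IRP_MJ_READ : 82EFA537
17:55:33:890 1740 C:\\Windows\\system32\\drivers\\atapi.sys - Verdict: 1
17:55:33:890 1740
17:55:33:890 1740 Driver Name: atapi
17:55:33:890 1740 IRP_MJ_CREATE : 8BFD28C4
17:55:33:890 1740 IRP_MJ_READ : 82EFA537
17:55:33:892 1740 C:\\Windows\\system32\\drivers\\atapi.sys - Verdict: 1
17:55:33:896 1740 Results:
17:55:33:897 1740 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:55:33:897 1740 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:55:33:897 1740 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

# Every log line is "<hh:mm:ss:ms> <pid> <message>"; the message may be empty.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)\s*(.*)$")
IRP_RE = re.compile(r"^(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-Fa-f]+)$")
VERDICT_RE = re.compile(r"^(.+?) - Verdict: (\d+)$")
RESULT_RE = re.compile(
    r"^(\w+) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$")

@dataclass
class Driver:
    name: str
    path: str = ""
    verdict: Optional[int] = None  # kept as logged; the log does not define the codes
    irp: Dict[str, int] = field(default_factory=dict)  # IRP_MJ_* -> handler address

@dataclass
class Report:
    tool: str = ""
    sysinfo: Dict[str, str] = field(default_factory=dict)
    devices_to_scan: Optional[int] = None
    drivers: List[Driver] = field(default_factory=list)
    results: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)

def parse_tdsskiller_log(text: str) -> Report:
    rep = Report()
    cur: Optional[Driver] = None
    in_sysinfo = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # separator lines without the timestamp/pid prefix
        body = m.group(3).strip()
        if not body:
            continue
        if body.startswith("TDSS rootkit removing tool"):
            rep.tool = body
        elif body == "SystemInfo:":
            in_sysinfo = True
        elif body.startswith("===="):
            in_sysinfo = False  # the rule line after the block closes it
        elif body.startswith("Driver Name:"):
            cur = Driver(name=body.split(":", 1)[1].strip())
            rep.drivers.append(cur)
        elif body.startswith("Devices to scan:"):
            rep.devices_to_scan = int(body.split(":", 1)[1])
        elif (im := IRP_RE.match(body)) and cur is not None:
            cur.irp[im.group(1)] = int(im.group(2), 16)
        elif (vm := VERDICT_RE.match(body)) and cur is not None:
            cur.path, cur.verdict = vm.group(1), int(vm.group(2))
            cur = None  # the verdict line ends a driver block
        elif rm := RESULT_RE.match(body):
            rep.results[rm.group(1).lower()] = tuple(int(x) for x in rm.groups()[1:])
        elif in_sysinfo and ":" in body:
            key, val = body.split(":", 1)
            rep.sysinfo[key.strip()] = val.strip()
    return rep

def needs_attention(rep: Report) -> bool:
    """True if any counter reports an infected object or fewer drivers were
    scanned than the log announced (a scan that did not finish)."""
    infected = any(inf > 0 for inf, _cured, _reboot in rep.results.values())
    short = rep.devices_to_scan is not None and len(rep.drivers) < rep.devices_to_scan
    return infected or short

if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    for d in report.drivers:
        print(d.name, d.path, "verdict", d.verdict, {k: f"{v:08X}" for k, v in d.irp.items()})
    print(report.sysinfo, report.results, "needs attention:", needs_attention(report))
```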


#8 ShinRock

ShinRock
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:13 PM

Posted 12 April 2010 - 12:41 PM

Okay, here you go.

17:55:28:506 1740 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
17:55:28:507 1740 ================================================================================
17:55:28:507 1740 SystemInfo:

17:55:28:507 1740 OS Version: 6.1.7600 ServicePack: 0.0
17:55:28:507 1740 Product type: Workstation
17:55:28:507 1740 ComputerName: BRYANT-PC
17:55:28:508 1740 UserName: Jayrei
17:55:28:508 1740 Windows directory: C:\Windows
17:55:28:508 1740 Processor architecture: Intel x86
17:55:28:508 1740 Number of processors: 2
17:55:28:508 1740 Page size: 0x1000
17:55:28:509 1740 Boot type: Normal boot
17:55:28:509 1740 ================================================================================
17:55:28:511 1740 UnloadDriverW: NtUnloadDriver error 2
17:55:28:511 1740 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:55:33:172 1740 wfopen_ex: Trying to open file C:\Windows\system32\config\system
17:55:33:172 1740 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:55:33:172 1740 wfopen_ex: Trying to KLMD file open
17:55:33:172 1740 wfopen_ex: File opened ok (Flags 2)
17:55:33:209 1740 wfopen_ex: Trying to open file C:\Windows\system32\config\software
17:55:33:210 1740 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:55:33:210 1740 wfopen_ex: Trying to KLMD file open
17:55:33:210 1740 wfopen_ex: File opened ok (Flags 2)
17:55:33:225 1740 Initialize success
17:55:33:225 1740
17:55:33:225 1740 Scanning Services ...
17:55:33:873 1740 Raw services enum returned 476 services
17:55:33:880 1740
17:55:33:880 1740 Scanning Kernel memory ...
17:55:33:881 1740 Devices to scan: 4
17:55:33:881 1740
17:55:33:881 1740 Driver Name: atapi
17:55:33:881 1740 IRP_MJ_CREATE : 8BFD28C4
17:55:33:881 1740 IRP_MJ_CREATE_NAMED_PIPE : 82EFA537
17:55:33:881 1740 IRP_MJ_CLOSE : 8BFD28C4
17:55:33:881 1740 IRP_MJ_READ : 82EFA537
17:55:33:881 1740 IRP_MJ_WRITE : 82EFA537
17:55:33:881 1740 IRP_MJ_QUERY_INFORMATION : 82EFA537
17:55:33:881 1740 IRP_MJ_SET_INFORMATION : 82EFA537
17:55:33:881 1740 IRP_MJ_QUERY_EA : 82EFA537
17:55:33:881 1740 IRP_MJ_SET_EA : 82EFA537
17:55:33:881 1740 IRP_MJ_FLUSH_BUFFERS : 82EFA537
17:55:33:881 1740 IRP_MJ_QUERY_VOLUME_INFORMATION : 82EFA537
17:55:33:881 1740 IRP_MJ_SET_VOLUME_INFORMATION : 82EFA537
17:55:33:881 1740 IRP_MJ_DIRECTORY_CONTROL : 82EFA537
17:55:33:881 1740 IRP_MJ_FILE_SYSTEM_CONTROL : 82EFA537
17:55:33:881 1740 IRP_MJ_DEVICE_CONTROL : 8BFBE47C
17:55:33:881 1740 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8BFBE44E
17:55:33:881 1740 IRP_MJ_SHUTDOWN : 82EFA537
17:55:33:881 1740 IRP_MJ_LOCK_CONTROL : 82EFA537
17:55:33:881 1740 IRP_MJ_CLEANUP : 82EFA537
17:55:33:881 1740 IRP_MJ_CREATE_MAILSLOT : 82EFA537
17:55:33:881 1740 IRP_MJ_QUERY_SECURITY : 82EFA537
17:55:33:881 1740 IRP_MJ_SET_SECURITY : 82EFA537
17:55:33:881 1740 IRP_MJ_POWER : 8BFBE4AA
17:55:33:881 1740 IRP_MJ_SYSTEM_CONTROL : 8BFCDDB2
17:55:33:881 1740 IRP_MJ_DEVICE_CHANGE : 82EFA537
17:55:33:881 1740 IRP_MJ_QUERY_QUOTA : 82EFA537
17:55:33:881 1740 IRP_MJ_SET_QUOTA : 82EFA537
17:55:33:890 1740 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
17:55:33:890 1740
17:55:33:890 1740 Driver Name: atapi
17:55:33:890 1740 IRP_MJ_CREATE : 8BFD28C4
17:55:33:890 1740 IRP_MJ_CREATE_NAMED_PIPE : 82EFA537
17:55:33:890 1740 IRP_MJ_CLOSE : 8BFD28C4
17:55:33:890 1740 IRP_MJ_READ : 82EFA537
17:55:33:890 1740 IRP_MJ_WRITE : 82EFA537
17:55:33:890 1740 IRP_MJ_QUERY_INFORMATION : 82EFA537
17:55:33:890 1740 IRP_MJ_SET_INFORMATION : 82EFA537
17:55:33:890 1740 IRP_MJ_QUERY_EA : 82EFA537
17:55:33:890 1740 IRP_MJ_SET_EA : 82EFA537
17:55:33:890 1740 IRP_MJ_FLUSH_BUFFERS : 82EFA537
17:55:33:890 1740 IRP_MJ_QUERY_VOLUME_INFORMATION : 82EFA537
17:55:33:890 1740 IRP_MJ_SET_VOLUME_INFORMATION : 82EFA537
17:55:33:890 1740 IRP_MJ_DIRECTORY_CONTROL : 82EFA537
17:55:33:890 1740 IRP_MJ_FILE_SYSTEM_CONTROL : 82EFA537
17:55:33:890 1740 IRP_MJ_DEVICE_CONTROL : 8BFBE47C
17:55:33:890 1740 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8BFBE44E
17:55:33:890 1740 IRP_MJ_SHUTDOWN : 82EFA537
17:55:33:890 1740 IRP_MJ_LOCK_CONTROL : 82EFA537
17:55:33:890 1740 IRP_MJ_CLEANUP : 82EFA537
17:55:33:890 1740 IRP_MJ_CREATE_MAILSLOT : 82EFA537
17:55:33:890 1740 IRP_MJ_QUERY_SECURITY : 82EFA537
17:55:33:890 1740 IRP_MJ_SET_SECURITY : 82EFA537
17:55:33:890 1740 IRP_MJ_POWER : 8BFBE4AA
17:55:33:890 1740 IRP_MJ_SYSTEM_CONTROL : 8BFCDDB2
17:55:33:890 1740 IRP_MJ_DEVICE_CHANGE : 82EFA537
17:55:33:890 1740 IRP_MJ_QUERY_QUOTA : 82EFA537
17:55:33:890 1740 IRP_MJ_SET_QUOTA : 82EFA537
17:55:33:892 1740 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
17:55:33:892 1740
17:55:33:892 1740 Driver Name: atapi
17:55:33:892 1740 IRP_MJ_CREATE : 8BFD28C4
17:55:33:892 1740 IRP_MJ_CREATE_NAMED_PIPE : 82EFA537
17:55:33:892 1740 IRP_MJ_CLOSE : 8BFD28C4
17:55:33:892 1740 IRP_MJ_READ : 82EFA537
17:55:33:892 1740 IRP_MJ_WRITE : 82EFA537
17:55:33:892 1740 IRP_MJ_QUERY_INFORMATION : 82EFA537
17:55:33:892 1740 IRP_MJ_SET_INFORMATION : 82EFA537
17:55:33:892 1740 IRP_MJ_QUERY_EA : 82EFA537
17:55:33:892 1740 IRP_MJ_SET_EA : 82EFA537
17:55:33:892 1740 IRP_MJ_FLUSH_BUFFERS : 82EFA537
17:55:33:892 1740 IRP_MJ_QUERY_VOLUME_INFORMATION : 82EFA537
17:55:33:892 1740 IRP_MJ_SET_VOLUME_INFORMATION : 82EFA537
17:55:33:892 1740 IRP_MJ_DIRECTORY_CONTROL : 82EFA537
17:55:33:892 1740 IRP_MJ_FILE_SYSTEM_CONTROL : 82EFA537
17:55:33:892 1740 IRP_MJ_DEVICE_CONTROL : 8BFBE47C
17:55:33:892 1740 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8BFBE44E
17:55:33:892 1740 IRP_MJ_SHUTDOWN : 82EFA537
17:55:33:892 1740 IRP_MJ_LOCK_CONTROL : 82EFA537
17:55:33:892 1740 IRP_MJ_CLEANUP : 82EFA537
17:55:33:892 1740 IRP_MJ_CREATE_MAILSLOT : 82EFA537
17:55:33:892 1740 IRP_MJ_QUERY_SECURITY : 82EFA537
17:55:33:892 1740 IRP_MJ_SET_SECURITY : 82EFA537
17:55:33:892 1740 IRP_MJ_POWER : 8BFBE4AA
17:55:33:892 1740 IRP_MJ_SYSTEM_CONTROL : 8BFCDDB2
17:55:33:892 1740 IRP_MJ_DEVICE_CHANGE : 82EFA537
17:55:33:892 1740 IRP_MJ_QUERY_QUOTA : 82EFA537
17:55:33:892 1740 IRP_MJ_SET_QUOTA : 82EFA537
17:55:33:894 1740 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
17:55:33:894 1740
17:55:33:894 1740 Driver Name: atapi
17:55:33:894 1740 IRP_MJ_CREATE : 8BFD28C4
17:55:33:894 1740 IRP_MJ_CREATE_NAMED_PIPE : 82EFA537
17:55:33:894 1740 IRP_MJ_CLOSE : 8BFD28C4
17:55:33:894 1740 IRP_MJ_READ : 82EFA537
17:55:33:894 1740 IRP_MJ_WRITE : 82EFA537
17:55:33:894 1740 IRP_MJ_QUERY_INFORMATION : 82EFA537
17:55:33:894 1740 IRP_MJ_SET_INFORMATION : 82EFA537
17:55:33:894 1740 IRP_MJ_QUERY_EA : 82EFA537
17:55:33:894 1740 IRP_MJ_SET_EA : 82EFA537
17:55:33:894 1740 IRP_MJ_FLUSH_BUFFERS : 82EFA537
17:55:33:894 1740 IRP_MJ_QUERY_VOLUME_INFORMATION : 82EFA537
17:55:33:894 1740 IRP_MJ_SET_VOLUME_INFORMATION : 82EFA537
17:55:33:894 1740 IRP_MJ_DIRECTORY_CONTROL : 82EFA537
17:55:33:894 1740 IRP_MJ_FILE_SYSTEM_CONTROL : 82EFA537
17:55:33:894 1740 IRP_MJ_DEVICE_CONTROL : 8BFBE47C
17:55:33:894 1740 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8BFBE44E
17:55:33:894 1740 IRP_MJ_SHUTDOWN : 82EFA537
17:55:33:894 1740 IRP_MJ_LOCK_CONTROL : 82EFA537
17:55:33:894 1740 IRP_MJ_CLEANUP : 82EFA537
17:55:33:894 1740 IRP_MJ_CREATE_MAILSLOT : 82EFA537
17:55:33:894 1740 IRP_MJ_QUERY_SECURITY : 82EFA537
17:55:33:894 1740 IRP_MJ_SET_SECURITY : 82EFA537
17:55:33:894 1740 IRP_MJ_POWER : 8BFBE4AA
17:55:33:894 1740 IRP_MJ_SYSTEM_CONTROL : 8BFCDDB2
17:55:33:894 1740 IRP_MJ_DEVICE_CHANGE : 82EFA537
17:55:33:894 1740 IRP_MJ_QUERY_QUOTA : 82EFA537
17:55:33:894 1740 IRP_MJ_SET_QUOTA : 82EFA537
17:55:33:896 1740 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
17:55:33:896 1740
17:55:33:896 1740 Completed
17:55:33:896 1740
17:55:33:896 1740 Results:
17:55:33:897 1740 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:55:33:897 1740 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:55:33:897 1740 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:55:33:897 1740
17:55:33:898 1740 fclose_ex: Trying to close file C:\Windows\system32\config\system
17:55:33:898 1740 fclose_ex: Trying to close file C:\Windows\system32\config\software
17:55:33:900 1740 KLMD(ARK) unloaded successfully




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-12 18:41:31
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Jayrei\AppData\Local\Temp\pxryipoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E152D8
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E8C5C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB1052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x985A0300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x985E3300, 0x1BEE, 0xE8000020]
.text peauth.sys A0843C9D 28 Bytes [C4, 3B, F8, F9, B2, 71, 0C, ...]
.text peauth.sys A0843CC1 28 Bytes [C4, 3B, F8, F9, B2, 71, 0C, ...]
PAGE peauth.sys A0849B9B 72 Bytes [09, CE, C3, 2B, 0A, 20, 18, ...]
PAGE peauth.sys A0849BEC 111 Bytes [D9, 7D, B6, 9C, CE, BB, 84, ...]
PAGE peauth.sys A0849E20 101 Bytes [C9, 32, B2, 92, 29, B5, 43, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1644] kernel32.dll!IsDebuggerPresent 76CAB02B 5 Bytes JMP 08E0CEB0
.text C:\Windows\Explorer.EXE[1644] USER32.dll!ChangeDisplaySettingsExA 767881B7 5 Bytes JMP 08E01E00
.text C:\Windows\Explorer.EXE[1644] USER32.dll!ChangeDisplaySettingsExW 767AFA61 5 Bytes JMP 08E01E30

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\918D22FD-D1FD-42F4-9C7B-B25014CC0887@IPAddress 192.168.1.2

---- EOF - GMER 1.0.15 ----


#9 snemelk (engineer; Malware Response Team, 1,468 posts, Gender: Male, Location: Poland)

Posted 12 April 2010 - 02:37 PM

Hi again ShinRock!

Your logfile looks OK... I reckon no problem persists?

I'm not sure if ComboFix restored your Hosts file to default (as far as I can remember, it should have)...
Open this file with Notepad, please:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
(the file has no extension, so you'll need to set Notepad to show All Files)

If it still contains entries of this type:
CODE
89.149.249.198 www.google.com
89.149.249.198 www.google.de
89.149.249.198 www.google.fr

you'll need to reset the hosts file back to the default... Let me know if you need help with this...

Let's update outdated programs (with security vulnerabilities) and perform an online scan with Kaspersky - to make sure we leave nothing behind:

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
    Java™ 6 Update 15
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 4
    Java™ 6 Update 5
    Java™ 6 Update 7
  • Then from your desktop double-click on jre-6u19-windows-i586.exe that you downloaded to install the newest version.

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck any optional install (Free McAfee Security Scan or Free Google Toolbar).

I suggest you update OpenOffice to the newest version: OpenOffice.org Downloads

Then,
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your Desktop.
  • Copy and paste that information in your next post.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
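The Hosts-file check described in the post above, as an added example that is not part of the original thread and not a tool from any of the scanners mentioned in it: a small Python script that parses a hosts file and reports every entry that points a hostname at a routable address, which is exactly the pattern the 89.149.249.198 lines quoted above show (one address reused for several google.* names). Loopback and 0.0.0.0 targets are treated as benign because a stock hosts file and ad-blocking lists use only those. The sample hosts text is constructed, and the function names and the fallback-to-sample behaviour are assumptions for illustration; the default path is the one quoted in the post.

```python
"""Added example: flag hosts-file entries that redirect hostnames.

Not from the original thread. The sample hosts text is constructed and the
function names are illustrative.
"""
import ipaddress
import os

# Location quoted in the post (Windows).
DEFAULT_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample: stock comment header, the two loopback entries, the
# redirect lines quoted in the post, and a blocklist-style 0.0.0.0 entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
89.149.249.198 www.google.com
89.149.249.198 www.google.de
89.149.249.198 www.google.fr
0.0.0.0         ads.example.invalid   # blocklist-style entry, benign
"""


def parse_hosts(text):
    """Return (line_no, ip, [hostnames]) for each active entry.

    Comments (# to end of line) and blank lines are skipped, as the resolver
    skips them; lines whose first field is not an IP address are skipped too.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        entries.append((line_no, ip, [h.lower() for h in fields[1:]]))
    return entries


def is_benign_target(ip):
    """Loopback (127/8, ::1) and unspecified (0.0.0.0, ::) are the only
    targets a stock hosts file or an ad-blocking list points names at."""
    return ip.is_loopback or ip.is_unspecified


def find_hijacks(text):
    """Entries that send a hostname to a routable address.

    Each one silently overrides DNS for that name. The same address reused
    for many well-known names (google.* in the post) is the classic
    search-redirect pattern.
    """
    return [
        {"line": line_no, "ip": str(ip), "hosts": hosts}
        for line_no, ip, hosts in parse_hosts(text)
        if not is_benign_target(ip)
    ]


def hijacks_by_target(text):
    """Group redirected hostnames by the address they are sent to."""
    grouped = {}
    for hit in find_hijacks(text):
        grouped.setdefault(hit["ip"], []).extend(hit["hosts"])
    return grouped


def main():
    # Read the real file when it exists; otherwise fall back to the sample.
    if os.path.exists(DEFAULT_HOSTS_PATH):
        with open(DEFAULT_HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    grouped = hijacks_by_target(text)
    if not grouped:
        print("no redirect entries found")
    for ip, hosts in grouped.items():
        print(f"{ip} <- {', '.join(hosts)}")


if __name__ == "__main__":
    main()
```

Run it as-is to see the sample flagged; on the affected machine it reads the real file instead. A hosts file that produces no hits but still differs from the stock one (every line commented out) has been edited for some other reason, so compare the comment header too before calling it clean.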


#10 ShinRock (Topic Starter; Members, 9 posts)

Posted 12 April 2010 - 04:41 PM

Hi and thanks for the help.

Combofix has got rid of the Moved to 302 loop error - hasn't got rid of the pop-ups. Redirection from Google links is present, but I have found a way round it: every fourth click works fine.
Already have the latest version of OpenOffice and Java, not sure why you think Java is outdated. Also already performed many, many off- and online scans, even with Kaspersky Online Scanner, before and during our correspondence. Every scan has been clean.
No problems within the Hosts file - check.
Doing online scan now, just waiting on results to post.



#11 snemelk (engineer; Malware Response Team, 1,468 posts, Gender: Male, Location: Poland)

Posted 12 April 2010 - 05:31 PM

Hi again ShinRock!

QUOTE(ShinRock @ Apr 12 2010, 11:41 PM)
Combofix has got rid of the Moved to 302 loop error - hasn't got rid of the pop-ups. Redirection from Google links is present, but I have found a way round it: every fourth click works fine.

So there is still something left on the machine and hiding... We'll investigate it...

QUOTE
Already have the latest version of OpenOffice and Java, not sure why you think Java is outdated. Also already performed many, many off- and online scans, even with Kaspersky Online Scanner, before and during our correspondence. Every scan has been clean.

My help is based mostly on what I see in the logs - and your logs from the 8th of April do indicate you have/had old versions of OpenOffice and Java installed... If you updated those programs later, that's OK, though I couldn't have known it...
And yes, I saw you ran many scans on your own - this also makes my work much harder - I have no idea what was really removed, cured or replaced - please stick to my instructions - performing scan after scan won't help... ;)

Post the online scan's results when ready...

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



#12 ShinRock (Topic Starter; Members, 9 posts)

Posted 13 April 2010 - 06:16 AM

Hello again,

Been trying all night to scan with Kaspersky and all I get is freezes and hangs. I have run many scans because some were anti-spybot type, some adware, malware, virus etc.
And with the pop-up windows and redirection came lots of hidden malicious software, so I've had to check for malware etc. daily.
Good news is overnight the redirections have disappeared; time will tell about the pop-ups though.

OTL logfile created on: 13/04/2010 12:11:54 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Jayrei\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 3625 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 91.71 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 21.06 Gb Free Space | 14.13% Space Free | Partition Type: NTFS
Drive E: | 114.49 Gb Total Space | 42.85 Gb Free Space | 37.42% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 145.04 Gb Total Space | 25.17 Gb Free Space | 17.35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: BRYANT-PC
Current User Name: Jayrei
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/13 12:11:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Jayrei\Desktop\OTL.exe
PRC - [2010/04/13 11:39:12 | 000,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\Jayrei\AppData\Local\temp\jkos-Jayrei\binaries\ScanningProcess.exe
PRC - [2010/04/09 15:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/04/09 15:29:25 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2010/04/02 15:23:22 | 001,733,856 | ---- | M] (AnVir Software) -- C:\Program Files\AnVir Task Manager Free\AnVir.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/16 16:36:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/13 11:44:26 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/11/11 19:04:14 | 001,505,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2006/11/20 07:13:00 | 004,018,176 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2010/04/13 12:11:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Jayrei\Desktop\OTL.exe
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/16 16:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/25 22:11:04 | 000,856,064 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Jayrei\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2005/11/30 11:43:00 | 000,058,952 | ---- | M] (GEAR Software) [On_Demand | Stopped] -- C:\Windows\System32\gearsec.exe -- (gearsec)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/12 13:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/04 03:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009/11/03 13:05:03 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/11/03 13:05:02 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/08/13 23:09:58 | 000,060,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/03 15:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/23 00:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/17 18:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/02/20 12:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/01/18 23:43:20 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/09/19 16:02:53 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/06/21 03:10:24 | 000,049,904 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/11/23 07:15:00 | 001,652,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/05/03 16:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/04/12 09:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :



O1 HOSTS File: ([2010/04/09 01:59:16 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.Brenz.pl
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 microsoft
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AnVir Task Manager Free] C:\Program Files\AnVir Task Manager Free\AnVir.exe (AnVir Software)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Jayrei\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jayrei\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/13 12:11:04 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Jayrei\Desktop\OTL.exe
[2010/04/12 22:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/12 22:18:19 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\Desktop\OpenOffice.org 3.2 (en-GB) Installation Files
[2010/04/10 00:27:44 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\AppData\Local\TVersity
[2010/04/09 22:06:39 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\AppData\Local\Ahead
[2010/04/09 22:06:36 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\AppData\Local\ACD Systems
[2010/04/09 20:00:05 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\AppData\Local\Adobe
[2010/04/09 17:20:07 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\AppData\Roaming\Malwarebytes
[2010/04/09 17:20:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/09 17:19:58 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/09 17:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/09 17:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/09 16:05:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/09 16:03:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/09 15:52:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/09 15:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/09 15:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/09 15:29:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/09 15:29:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/09 15:29:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/09 15:18:43 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\AppData\Local\AnVir
[2010/04/09 14:25:32 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Users\Jayrei\Desktop\TDSSKiller.exe
[2010/04/09 13:21:40 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\AppData\Local\Innovative Solutions
[2010/04/09 02:06:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/04/08 21:50:35 | 000,000,000 | -HSD | C] -- C:\Users\Jayrei\AppData\Roaming\lowsec
[2010/04/08 20:01:53 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\AppData\Local\temp
[2010/04/08 19:49:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/08 19:49:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/08 19:49:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/08 19:47:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/08 19:47:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/08 15:56:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2010/04/08 15:56:23 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2010/04/08 02:24:35 | 000,000,000 | ---D | C] -- C:\HJThis
[2010/04/07 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\AnVir Task Manager Free
[2010/04/07 22:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/04/07 22:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/06 13:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/06 13:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/06 13:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/06 13:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/31 19:02:57 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 19:02:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 19:02:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/28 02:12:34 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\AppData\Roaming\Avira
[2010/03/27 19:35:44 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/03/27 19:35:44 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/03/26 00:10:02 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\Documents\Square Enix
[2010/03/20 19:14:32 | 000,000,000 | ---D | C] -- C:\Windows\ja-JP
[2010/03/20 19:14:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\ja
[2010/03/20 19:14:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\0411
[2010/03/20 19:14:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP
[2010/03/20 19:08:52 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\usbport.sys.mui
[2010/03/20 19:08:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\volsnap.sys.mui
[2010/03/20 19:08:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\usbhub.sys.mui
[2010/03/20 19:08:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vhdmp.sys.mui
[2010/03/20 19:08:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\portcls.sys.mui
[2010/03/20 19:08:52 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\ja-JP\pscr.sys.mui
[2010/03/20 19:08:52 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\umbus.sys.mui
[2010/03/20 19:08:52 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\tpm.sys.mui
[2010/03/20 19:08:52 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\serscan.sys.mui
[2010/03/20 19:08:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\wd.sys.mui
[2010/03/20 19:08:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\mpio.sys.mui
[2010/03/20 19:08:50 | 000,031,744 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\ja-JP\yk62x86.sys.mui
[2010/03/20 19:08:50 | 000,013,824 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\ja-JP\e1y6032.sys.mui
[2010/03/20 19:08:50 | 000,013,824 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\ja-JP\e1e6032.sys.mui
[2010/03/20 19:08:50 | 000,011,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\ja-JP\E1G60I32.sys.mui
[2010/03/20 19:08:50 | 000,011,264 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\ja-JP\k57nd60x.sys.mui
[2010/03/20 19:08:50 | 000,011,264 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\ja-JP\b57nd60x.sys.mui
[2010/03/20 19:08:50 | 000,008,192 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\ja-JP\e1q6032.sys.mui
[2010/03/20 19:08:50 | 000,007,680 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\ja-JP\e1k6032.sys.mui
[2010/03/20 19:08:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\serial.sys.mui
[2010/03/20 19:08:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\msdsm.sys.mui
[2010/03/20 19:08:50 | 000,004,608 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\ja-JP\e100b325.sys.mui
[2010/03/20 19:08:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\sermouse.sys.mui
[2010/03/20 19:08:50 | 000,004,096 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\ja-JP\bcm4sbxp.sys.mui
[2010/03/20 19:08:50 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\mouclass.sys.mui
[2010/03/20 19:08:50 | 000,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\ja-JP\getn62.sys.mui
[2010/03/20 19:08:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\scsiport.sys.mui
[2010/03/20 19:08:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\rndismpx.sys.mui
[2010/03/20 19:08:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\rndismp6.sys.mui
[2010/03/20 19:08:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\pcmcia.sys.mui
[2010/03/20 19:08:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\parport.sys.mui
[2010/03/20 19:08:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\ataport.sys.mui
[2010/03/20 19:08:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\parvdm.sys.mui
[2010/03/20 19:08:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\MTConfig.sys.mui
[2010/03/20 19:08:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\mouhid.sys.mui
[2010/03/20 19:08:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vwifibus.sys.mui
[2010/03/20 19:08:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\amdide.sys.mui
[2010/03/20 19:08:49 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\tcpip.sys.mui
[2010/03/20 19:08:49 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\bfe.dll.mui
[2010/03/20 19:08:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\afd.sys.mui
[2010/03/20 19:08:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\tunnel.sys.mui
[2010/03/20 19:08:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\modem.sys.mui
[2010/03/20 19:08:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\ws2ifsl.sys.mui
[2010/03/20 19:08:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\wdf01000.sys.mui
[2010/03/20 19:08:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\usbrpm.sys.mui
[2010/03/20 19:08:46 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\srv.sys.mui
[2010/03/20 19:08:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\fvevol.sys.mui
[2010/03/20 19:08:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\scfilter.sys.mui
[2010/03/20 19:08:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\pacer.sys.mui
[2010/03/20 19:08:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\rdbss.sys.mui
[2010/03/20 19:08:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\RNDISMP.sys.mui
[2010/03/20 19:08:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\qwavedrv.sys.mui
[2010/03/20 19:08:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\partmgr.sys.mui
[2010/03/20 19:08:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\ntfs.sys.mui
[2010/03/20 19:08:34 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\ndis.sys.mui
[2010/03/20 19:08:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\nwifi.sys.mui
[2010/03/20 19:08:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\ndisuio.sys.mui
[2010/03/20 19:08:32 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\ndiscap.sys.mui
[2010/03/20 19:08:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\mountmgr.sys.mui
[2010/03/20 19:08:27 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lzhfldr2.dll
[2010/03/20 19:08:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\luafv.sys.mui
[2010/03/20 19:08:26 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\ipnat.sys.mui
[2010/03/20 19:08:25 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\http.sys.mui
[2010/03/20 19:08:17 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\fltmgr.sys.mui
[2010/03/20 19:08:15 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\volmgrx.sys.mui
[2010/03/20 19:08:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\pnpmem.sys.mui
[2010/03/20 19:08:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\pci.sys.mui
[2010/03/20 19:08:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\i8042prt.sys.mui
[2010/03/20 19:08:07 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\ja-JP\BrSerIb.sys.mui
[2010/03/20 19:08:07 | 000,006,144 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\ja-JP\ltmdmnt.sys.mui
[2010/03/20 19:08:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\IPMIDrv.sys.mui
[2010/03/20 19:08:07 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vdrvroot.sys.mui
[2010/03/20 19:08:07 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\kbdclass.sys.mui
[2010/03/20 19:08:07 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\mssmbios.sys.mui
[2010/03/20 19:08:07 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\isapnp.sys.mui
[2010/03/20 19:08:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\VIAAGP.SYS.mui
[2010/03/20 19:08:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\ULIAGPKX.SYS.mui
[2010/03/20 19:08:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\SISAGP.SYS.mui
[2010/03/20 19:08:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\NV_AGP.SYS.mui
[2010/03/20 19:08:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\kbdhid.sys.mui
[2010/03/20 19:08:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\AMDAGP.SYS.mui
[2010/03/20 19:08:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\AGP440.sys.mui
[2010/03/20 19:08:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\viac7.sys.mui
[2010/03/20 19:08:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\processr.sys.mui
[2010/03/20 19:08:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\intelppm.sys.mui
[2010/03/20 19:08:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\amdppm.sys.mui
[2010/03/20 19:08:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\amdk8.sys.mui
[2010/03/20 19:08:05 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\bthpan.sys.mui
[2010/03/20 19:08:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\wacompen.sys.mui
[2010/03/20 19:08:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\hdaudbus.sys.mui
[2010/03/20 19:08:05 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\HdAudio.sys.mui
[2010/03/20 19:08:05 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\hidbth.sys.mui
[2010/03/20 19:08:05 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\Dot4usb.sys.mui
[2010/03/20 19:08:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\disk.sys.mui
[2010/03/20 19:08:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\cdrom.sys.mui
[2010/03/20 19:08:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\battc.sys.mui
[2010/03/20 19:08:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\acpi.sys.mui
[2010/03/20 19:08:04 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\ja-JP\BrSerId.sys.mui
[2010/03/20 19:08:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\bthport.sys.mui
[2010/03/20 19:08:04 | 000,003,072 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ja-JP\atikmdag.sys.mui
[2010/03/20 19:08:04 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\UAGP35.SYS.mui
[2010/03/20 19:08:04 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\GAGP30KX.SYS.mui
[2010/03/20 19:08:04 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\ja-JP\BrParwdm.sys.mui
[2010/03/20 19:08:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\BTHUSB.SYS.mui
[2010/03/20 19:08:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\bthenum.sys.mui
[2010/03/20 19:08:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\ohci1394.sys.mui
[2010/03/20 19:08:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\1394ohci.sys.mui
[2010/03/18 17:34:22 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\Documents\Aspyr
[2010/03/18 16:28:17 | 000,000,000 | ---D | C] -- C:\Users\Jayrei\AppData\Local\Aspyr
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2008/05/10 14:33:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jayrei\AppData\Roaming\pcouffin.sys
[2007/08/19 22:44:00 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\Jayrei\mqdmmdm.sys
[2007/08/19 22:44:00 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\Jayrei\mqdmserd.sys
[2007/08/19 22:44:00 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\Jayrei\mqdmbus.sys
[2007/08/19 22:44:00 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\Jayrei\mqdmmdfl.sys
[2007/08/19 22:44:00 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\Jayrei\mqdmcmnt.sys
[2007/08/19 22:44:00 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\Jayrei\mqdmwhnt.sys
[2007/08/19 22:44:00 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\Jayrei\mqdmcr.sys
[2007/08/19 22:33:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Jayrei\usbsermptxp.sys
[2007/08/19 22:33:03 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\Jayrei\usbsermpt.sys
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/13 12:13:13 | 006,553,600 | -HS- | M] () -- C:\Users\Jayrei\ntuser.dat
[2010/04/13 12:11:08 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Jayrei\Desktop\OTL.exe
[2010/04/13 11:38:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 11:38:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/13 11:35:32 | 001,235,098 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/13 11:35:32 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/13 11:35:32 | 000,417,858 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/04/13 11:35:32 | 000,119,098 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/04/13 11:35:32 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/13 11:31:20 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 11:31:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/13 11:31:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/13 11:31:04 | 000,303,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/13 11:30:48 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/13 03:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\Jayrei\ntuser.dat{7a15e03f-4631-11df-81fa-dae47036461b}.TMContainer00000000000000000002.regtrans-ms
[2010/04/13 03:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\Jayrei\ntuser.dat{7a15e03f-4631-11df-81fa-dae47036461b}.TMContainer00000000000000000001.regtrans-ms
[2010/04/13 03:10:05 | 000,065,536 | -HS- | M] () -- C:\Users\Jayrei\ntuser.dat{7a15e03f-4631-11df-81fa-dae47036461b}.TM.blf
[2010/04/13 03:09:59 | 002,028,584 | -H-- | M] () -- C:\Users\Jayrei\AppData\Local\IconCache.db
[2010/04/13 02:23:49 | 040,028,493 | ---- | M] () -- C:\Users\Jayrei\Desktop\Fullmetal Alchemist CH 105.rar
[2010/04/13 02:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/13 01:36:49 | 000,008,224 | ---- | M] () -- C:\Users\Jayrei\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/12 22:21:28 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/12 17:40:45 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/04/12 17:40:13 | 000,119,296 | ---- | M] () -- C:\Users\Jayrei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 13:45:46 | 000,524,288 | -HS- | M] () -- C:\Users\Jayrei\ntuser.dat{23c72e9f-461d-11df-a103-0019db6a0ad5}.TMContainer00000000000000000002.regtrans-ms
[2010/04/12 13:45:46 | 000,524,288 | -HS- | M] () -- C:\Users\Jayrei\ntuser.dat{23c72e9f-461d-11df-a103-0019db6a0ad5}.TMContainer00000000000000000001.regtrans-ms
[2010/04/12 13:45:46 | 000,065,536 | -HS- | M] () -- C:\Users\Jayrei\ntuser.dat{23c72e9f-461d-11df-a103-0019db6a0ad5}.TM.blf
[2010/04/11 23:59:22 | 000,000,020 | ---- | M] () -- C:\Users\Jayrei\defogger_reenable
[2010/04/10 14:33:40 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/10 13:31:18 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/04/10 00:27:52 | 000,002,443 | ---- | M] () -- C:\Users\Jayrei\Desktop\TVersity.lnk
[2010/04/09 16:45:23 | 000,000,036 | ---- | M] () -- C:\Users\Jayrei\AppData\Local\housecall.guid.cache
[2010/04/09 16:03:34 | 000,000,258 | ---- | M] () -- C:\Windows\system.ini
[2010/04/09 15:52:19 | 003,910,295 | R--- | M] () -- C:\Users\Jayrei\Desktop\rename.exe
[2010/04/09 15:29:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/04/09 15:29:25 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/09 15:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/09 15:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/09 14:18:28 | 367,357,001 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/09 11:33:58 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/04/09 02:27:10 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/04/09 02:06:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/04/09 01:59:16 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/08 14:54:44 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/04/08 14:54:44 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/04/08 13:15:00 | 000,150,794 | ---- | M] () -- C:\Users\Jayrei\Documents\cc_20100408_131443.reg
[2010/04/08 03:46:07 | 000,000,929 | ---- | M] () -- C:\Users\Jayrei\Desktop\HijackThis.exe - Shortcut.lnk
[2010/04/08 03:11:50 | 000,525,824 | ---- | M] () -- C:\Users\Jayrei\Desktop\dds.exe
[2010/04/08 00:00:46 | 000,524,288 | -HS- | M] () -- C:\Users\Jayrei\ntuser.dat{77416fad-428e-11df-8a8f-0019db6a0ad5}.TMContainer00000000000000000002.regtrans-ms
[2010/04/08 00:00:46 | 000,524,288 | -HS- | M] () -- C:\Users\Jayrei\ntuser.dat{77416fad-428e-11df-8a8f-0019db6a0ad5}.TMContainer00000000000000000001.regtrans-ms
[2010/04/08 00:00:46 | 000,065,536 | -HS- | M] () -- C:\Users\Jayrei\ntuser.dat{77416fad-428e-11df-8a8f-0019db6a0ad5}.TM.blf
[2010/04/07 23:33:10 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\AnVir Task Manager Free.lnk
[2010/04/07 23:32:59 | 004,603,552 | ---- | M] () -- C:\Users\Jayrei\Documents\taskfree.exe
[2010/04/07 22:19:08 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/04/07 21:56:43 | 000,001,841 | ---- | M] () -- C:\Users\Jayrei\Desktop\CCleaner.lnk
[2010/04/07 21:16:59 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2010/04/07 21:16:59 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2010/04/06 13:27:02 | 000,000,513 | ---- | M] () -- C:\Users\Jayrei\Desktop\Overlord2.lnk
[2010/04/06 13:19:53 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/30 23:26:01 | 000,002,871 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Photo Manager 2009.lnk
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/26 00:07:14 | 000,000,677 | ---- | M] () -- C:\Users\Public\Desktop\Just Cause 2.lnk
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Users\Jayrei\Desktop\TDSSKiller.exe
[2010/03/20 19:13:58 | 000,141,988 | ---- | M] () -- C:\Windows\System32\perfi011.dat
[2010/03/20 19:13:58 | 000,031,548 | ---- | M] () -- C:\Windows\System32\perfd011.dat
[2010/03/18 17:31:05 | 000,000,774 | ---- | M] () -- C:\Users\Jayrei\Desktop\Star Wars The Force Unleashed.lnk
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/13 02:23:48 | 040,028,493 | ---- | C] () -- C:\Users\Jayrei\Desktop\Fullmetal Alchemist CH 105.rar
[2010/04/12 22:21:28 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/04/12 13:55:29 | 000,524,288 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat{7a15e03f-4631-11df-81fa-dae47036461b}.TMContainer00000000000000000002.regtrans-ms
[2010/04/12 13:55:29 | 000,524,288 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat{7a15e03f-4631-11df-81fa-dae47036461b}.TMContainer00000000000000000001.regtrans-ms
[2010/04/12 13:55:29 | 000,065,536 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat{7a15e03f-4631-11df-81fa-dae47036461b}.TM.blf
[2010/04/12 11:21:46 | 000,524,288 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat{23c72e9f-461d-11df-a103-0019db6a0ad5}.TMContainer00000000000000000002.regtrans-ms
[2010/04/12 11:21:46 | 000,524,288 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat{23c72e9f-461d-11df-a103-0019db6a0ad5}.TMContainer00000000000000000001.regtrans-ms
[2010/04/12 11:21:46 | 000,065,536 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat{23c72e9f-461d-11df-a103-0019db6a0ad5}.TM.blf
[2010/04/11 23:59:04 | 000,000,020 | ---- | C] () -- C:\Users\Jayrei\defogger_reenable
[2010/04/10 00:27:52 | 000,002,443 | ---- | C] () -- C:\Users\Jayrei\Desktop\TVersity.lnk
[2010/04/09 17:20:02 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 16:45:23 | 000,000,036 | ---- | C] () -- C:\Users\Jayrei\AppData\Local\housecall.guid.cache
[2010/04/09 14:18:28 | 367,357,001 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/08 19:49:44 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/08 19:49:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/08 19:49:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/08 19:49:44 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/08 19:49:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/08 13:14:47 | 000,150,794 | ---- | C] () -- C:\Users\Jayrei\Documents\cc_20100408_131443.reg
[2010/04/08 03:46:07 | 000,000,929 | ---- | C] () -- C:\Users\Jayrei\Desktop\HijackThis.exe - Shortcut.lnk
[2010/04/08 03:39:39 | 000,293,376 | ---- | C] () -- C:\Users\Jayrei\Desktop\gmer.exe
[2010/04/08 03:11:47 | 000,525,824 | ---- | C] () -- C:\Users\Jayrei\Desktop\dds.exe
[2010/04/08 02:58:14 | 003,910,295 | R--- | C] () -- C:\Users\Jayrei\Desktop\rename.exe
[2010/04/07 23:33:10 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\AnVir Task Manager Free.lnk
[2010/04/07 23:32:43 | 004,603,552 | ---- | C] () -- C:\Users\Jayrei\Documents\taskfree.exe
[2010/04/07 23:23:03 | 000,524,288 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat{77416fad-428e-11df-8a8f-0019db6a0ad5}.TMContainer00000000000000000002.regtrans-ms
[2010/04/07 23:23:03 | 000,524,288 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat{77416fad-428e-11df-8a8f-0019db6a0ad5}.TMContainer00000000000000000001.regtrans-ms
[2010/04/07 23:23:03 | 000,065,536 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat{77416fad-428e-11df-8a8f-0019db6a0ad5}.TM.blf
[2010/04/07 22:19:22 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/04/07 22:18:30 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/04/06 13:27:02 | 000,000,513 | ---- | C] () -- C:\Users\Jayrei\Desktop\Overlord2.lnk
[2010/04/06 13:19:53 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/30 23:26:01 | 000,002,871 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Photo Manager 2009.lnk
[2010/03/26 00:07:14 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\Just Cause 2.lnk
[2010/03/20 19:16:01 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat
[2010/03/20 19:16:00 | 000,417,858 | ---- | C] () -- C:\Windows\System32\perfh011.dat
[2010/03/20 19:16:00 | 000,119,098 | ---- | C] () -- C:\Windows\System32\perfc011.dat
[2010/03/20 19:16:00 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat
[2010/03/18 17:31:05 | 000,000,774 | ---- | C] () -- C:\Users\Jayrei\Desktop\Star Wars The Force Unleashed.lnk
[2010/01/28 15:46:12 | 001,048,576 | -HS- | C] () -- C:\Users\Jayrei\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms
[2010/01/28 15:46:12 | 001,048,576 | -HS- | C] () -- C:\Users\Jayrei\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms
[2010/01/28 15:46:12 | 001,048,576 | -HS- | C] () -- C:\Users\Jayrei\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms
[2010/01/28 15:46:12 | 000,065,536 | -HS- | C] () -- C:\Users\Jayrei\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.blf
[2009/11/19 18:16:53 | 000,000,274 | ---- | C] () -- C:\Windows\game.ini
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/11/01 20:54:54 | 000,119,296 | ---- | C] () -- C:\Users\Jayrei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/01 20:26:01 | 000,000,020 | -HS- | C] () -- C:\Users\Jayrei\ntuser.ini
[2009/11/01 19:35:54 | 006,553,600 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat
[2009/11/01 19:35:54 | 000,524,288 | -HS- | C] () -- C:\Users\Jayrei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/01 19:35:54 | 000,524,288 | -HS- | C] () -- C:\Users\Jayrei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/01 19:35:54 | 000,262,144 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat.LOG2
[2009/11/01 19:35:54 | 000,262,144 | -HS- | C] () -- C:\Users\Jayrei\ntuser.dat.LOG1
[2009/11/01 19:35:54 | 000,065,536 | -HS- | C] () -- C:\Users\Jayrei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/14 00:02:43 | 000,000,226 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/12/17 17:51:18 | 000,000,195 | ---- | C] () -- C:\Users\Jayrei\tynhamsfence.txt
[2008/11/16 14:25:05 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/09/05 09:31:47 | 000,000,571 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/13 17:22:27 | 000,000,034 | ---- | C] () -- C:\Users\Jayrei\jagex_runescape_preferences.dat
[2008/06/20 10:10:08 | 000,155,648 | ---- | C] () -- C:\Windows\System32\libssl32.dll
[2008/05/10 21:57:32 | 000,000,043 | -HS- | C] () -- C:\Users\Jayrei\AppData\Roaming\.zreglib
[2008/05/10 14:34:40 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2008/05/10 14:34:32 | 000,000,033 | ---- | C] () -- C:\Users\Jayrei\AppData\Roaming\pcouffin.log
[2008/05/10 14:33:41 | 000,081,920 | ---- | C] () -- C:\Users\Jayrei\AppData\Roaming\ezpinst.exe
[2008/05/10 14:33:41 | 000,007,176 | ---- | C] () -- C:\Users\Jayrei\AppData\Roaming\pcouffin.cat
[2008/05/10 14:33:41 | 000,001,144 | ---- | C] () -- C:\Users\Jayrei\AppData\Roaming\pcouffin.inf
[2007/12/26 15:03:35 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
[2007/11/21 16:55:49 | 000,138,784 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007/11/21 16:55:48 | 000,022,328 | ---- | C] () -- C:\Users\Jayrei\AppData\Roaming\PnkBstrK.sys
[2007/11/12 19:57:17 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007/08/23 18:30:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/08/19 22:44:00 | 000,009,913 | ---- | C] () -- C:\Users\Jayrei\MCCI_MDM.INF
[2007/08/19 22:44:00 | 000,006,989 | ---- | C] () -- C:\Users\Jayrei\MCCI_BUS.INF
[2007/08/19 22:44:00 | 000,004,477 | ---- | C] () -- C:\Users\Jayrei\MCCI_SDM.INF
[2007/08/19 22:33:03 | 000,092,312 | ---- | C] () -- C:\Users\Jayrei\1187559183-oem15.PNF
[2007/08/19 22:33:03 | 000,048,144 | ---- | C] () -- C:\Users\Jayrei\1187559183-oem15.inf
[2007/08/19 22:33:03 | 000,029,825 | ---- | C] () -- C:\Users\Jayrei\Motorola_Driver_Log.txt
[2007/08/19 22:33:03 | 000,009,232 | ---- | C] () -- C:\Users\Jayrei\USB_MOT_BRIT.INF
[2007/08/19 22:33:03 | 000,007,201 | ---- | C] () -- C:\Users\Jayrei\USBMOT2000.INF
[2007/08/19 22:33:03 | 000,006,141 | ---- | C] () -- C:\Users\Jayrei\USBMOT2000XP.INF
[2007/08/19 22:33:03 | 000,005,960 | ---- | C] () -- C:\Users\Jayrei\USB_MOT_A1000.INF
[2007/08/19 22:33:03 | 000,005,880 | ---- | C] () -- C:\Users\Jayrei\USB_CMCS_2000.INF
[2007/07/01 23:51:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/07/01 17:29:43 | 000,000,331 | ---- | C] () -- C:\Windows\doom3.ini
[2007/06/27 19:18:42 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007/06/27 19:18:42 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007/06/27 18:48:45 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2007/02/06 01:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/01 16:18:34 | 000,006,912 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
[2006/02/25 19:12:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/02/25 19:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2004/03/18 18:40:32 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2004/03/18 18:40:24 | 000,667,648 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2002/03/21 14:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
< End of report >


OTL Extras logfile created on: 13/04/2010 12:11:54 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Jayrei\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 3625 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 91.71 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 21.06 Gb Free Space | 14.13% Space Free | Partition Type: NTFS
Drive E: | 114.49 Gb Total Space | 42.85 Gb Free Space | 37.42% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 145.04 Gb Total Space | 25.17 Gb Free Space | 17.35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: BRYANT-PC
Current User Name: Jayrei
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\Jayrei\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C9A62F0-D1B3-4E2C-A7D9-24F38FF2A379}" = GEAR driver installer for x86 and x64
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars®
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars® Patch
"{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}" = Sony Media Manager 2.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D5EA608-37B7-45B5-88FC-93BAB128B037}_is1" = TechArts 3D Custom Girl SP2
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55B1C4AA-8541-4E75-B2CF-CB478F215496}_is1" = Oxin's Style! Cry of Pleasure
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582610B8-E496-4813-993C-4B027173FE38}" = PixiePack Codec Pack
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine®2 Sandbox™2
"{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision®
"{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}" = Spider-Man™ - Web of Shadows
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87DABCF7-2C38-4996-8FBE-053CA6536168}" = Sony ACID Pro 6.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis® SP Demo
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A98BEA7A-5F50-45C9-AB8C-751BBBC661C6}" = Quake Live Internet Explorer Plugin
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B2D4D657-DAA4-4C68-B01E-11736C1D8C0D}" = Unigine Heaven Benchmark v1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DA55E50A-8DE2-4AE2-AA81-E701E3EE23FD}" = MixMeister Fusion Demo
"{DD0D4E07-064F-4979-9062-4D7B586A3365}" = Motorola Software Update
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E426CEC1-35C5-42BF-913E-6EF8F1211D01}" = Overlord II
"{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}" = CryEngine®2 Sandbox™2
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"7-Zip" = 7-Zip 9.12 beta
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AnVir Task Manager Free" = AnVir Task Manager Free
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Cesar Millan's Dog Whisperer™" = Cesar Millan's Dog Whisperer™ (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"coreavc_is1" = CoreAVC Pro 1.3.0.0
"Crysis Wars®" = Crysis Wars®
"Crysis Wars® Patch" = Crysis Wars® Patch
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DS-MP3 Source" = DS-MP3 Source 1.30
"EPSON Printer and Utilities" = EPSON Printer Software
"ffdshow_is1" = ffdshow v1.1.3351 [2010-04-08]
"FineRecovery" = FineRecovery 1.2.16
"FL Studio 8" = FL Studio 8
"FLV Player" = FLV Player 2.0 (build 25)
"FPAdjust" = FPAdjust
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine™
"InstallShield_{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}" = Spider-Man™ - Web of Shadows
"InstallShield_{B7B6C0BE-C919-425C-A493-DF9FF11249F5}" = Enemy Territory - QUAKE Wars™ Demo 1.1 Patch
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Just Cause 2_is1" = Just Cause 2
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"OpenSSL_is1" = OpenSSL 0.9.6m
"PoiZone" = PoiZone
"PS3 Video 9" = PS3 Video 9 5.03
"PunkBusterSvc" = PunkBuster Services
"RealMedia" = RealMedia (remove only)
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Silent Hill1.2.1" = Silent Hill
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Swiff Player_is1" = Swiff Player 1.1
"Test My Hardware_is1" = Test My Hardware 2.4
"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908
"Toxic Biohazard" = Toxic Biohazard
"TVersity Media Server" = TVersity Media Server 1.8 Beta
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"YouTube Downloader App" = YouTube Downloader App 1.01
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#13 snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 13 April 2010 - 01:54 PM

Hi again ShinRock!!..

OTL logfile looks clean to me...

QUOTE(ShinRock @ Apr 13 2010, 01:16 PM)
Good news is that overnight the redirections have disappeared; time will tell about the pop-ups, though.

Well, redirections could not have stopped without a reason... ;). However, it's possible the infection causing that is removed now... So you still get those pop-ups, right??.. Please tell me something more about them - what do they show/advertise, what address do they point to, what is the address in the pop-up window (if there is one)??.. I just need more details...

Also, do you use a router??.. If yes, do you know how to reset it?.. If you know, please do so...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#14 ShinRock

  • Topic Starter
  • Members
  • 9 posts

Posted 14 April 2010 - 10:45 AM

Hi and thanks again

Still good, no pop-ups yet (will find out better when the system has been on for a while). When they have popped up in the past, I have killed them as quickly as possible cos the last one I let load up gave me sdra64 and a load of spyware.
Yes, I have a router and as far as I know, to reset it I have to turn it off and on or press the reset button. That's one of the first things I tried when this first started.

Edited by ShinRock, 14 April 2010 - 10:48 AM.


#15 snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 14 April 2010 - 01:47 PM

Hi again ShinRock!..

QUOTE(ShinRock @ Apr 14 2010, 05:45 PM)
Still good, no pop-ups yet (will find out better when the system has been on for a while). When they have popped up in the past, I have killed them as quickly as possible cos the last one I let load up gave me sdra64 and a load of spyware.

Yes, that's good information... As I mentioned earlier, your logs look clean to me, so hopefully it should be ok now... If an infection re-appears, get back to me...
I doubt a pop-up itself can bring infections on your system - it could rather have been the use of an exploit of some sort - either in your Windows or in one of your outdated programs...

QUOTE
Yes, I have a router and as far as I know, to reset it I have to turn it off and on or press the reset button. That's one of the first things I tried when this first started.

Very good!.. Make sure you have a non-default password and username placed there...

Please do the following to remove all of the tools we used and the files and folders they created:
  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Then,
Please set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl. There, you'll find a few steps to make your web browsing safer.

Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
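The restore-point step in the post above (create one clean point, then drop every older one so an infected point cannot be restored), as an added PowerShell equivalent that is not part of the original post or of OTL. It assumes an elevated PowerShell on the Windows 7 machine in this thread and that the system drive is C:, as the OTL Extras header reports.

```powershell
# Added example: create a clean restore point, then discard every older one.
# Assumes an elevated (Administrator) PowerShell on Windows 7 and that the
# system drive is C:, as the OTL Extras header in this thread reports.
$drive = "C:"

# System Restore must be enabled on the drive before a checkpoint can be taken.
Enable-ComputerRestore -Drive "$drive\"

# Create the new baseline point. This is the scripted equivalent of
# System Restore > "Create a Restore Point".
Checkpoint-Computer -Description "Clean baseline after malware removal" `
                    -RestorePointType "MODIFY_SETTINGS"

# CreationTime is a WMI datetime string (yyyyMMddHHmmss...), so a plain
# string sort is chronological. @() keeps a single result as an array.
$points = @(Get-ComputerRestorePoint | Sort-Object CreationTime)
$newest = $points[-1]
Write-Host ("Keeping restore point #{0}: {1}" -f $newest.SequenceNumber, $newest.Description)

# Restore points are stored in VSS shadow copies. Deleting the oldest shadow
# copy one at a time until only the newest remains is the scripted equivalent
# of Disk Cleanup > More Options > System Restore > Clean Up.
$toRemove = $points.Count - 1
for ($i = 0; $i -lt $toRemove; $i++) {
    vssadmin delete shadows /for=$drive /oldest /quiet | Out-Null
}

# Verify: only the new baseline point should be listed now.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

Run it only after the cleanup tools have been removed, since the new point captures whatever is on disk at that moment.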




