Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google search result is redirected to harmful site


  • This topic is locked This topic is locked
20 replies to this topic

#1 evilguy

evilguy

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 19 August 2010 - 05:09 PM

Hi. I would like to seek help to clean up one PC. The symptom is, when ever we click to go to the website from google search result, the browser will redirected to different site. The site is harmful and block by AVG in this PC. At first it impacted Firefox and now it impacted IE as well. I use Malwarebyte, SuperAntispyware, and AVG to scan but it cannot remove the infection. I dont have any idea this PC is impacted by what virus. Attach together is the DDS log


DDS (Ver_10-03-17.01) - NTFSX64
Run by jan at 5:54:02.63 on Fri 08/20/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4094.2534 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Users\jan\AppData\Roaming\CoSoSys\CarryItEasy\CarryLaunch.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Users\jan\Downloads\HijackThis(3).exe
C:\Users\jan\Desktop\gmer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jan\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 130.88.203.27:3128
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files (x86)\free download manager\iefdm2.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Free Download Manager] "c:\program files (x86)\free download manager\fdm.exe" -autorun
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [CarryLaunch] c:\users\jan\appdata\roaming\cososys\carryiteasy\CarryLaunch.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Six Engine] "c:\program files (x86)\asus\epu-4 engine\FourEngine.exe" -r
mRun: [PWRISOVM.EXE] "c:\program files (x86)\poweriso\PWRISOVM.EXE"
mRun: [Ai Nap] "c:\program files (x86)\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files (x86)\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "c:\program files (x86)\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\realte~1.lnk - c:\program files (x86)\realtek usb wireless lan driver and utility\RtWLan.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files (x86)\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jan\appdata\roaming\mozilla\firefox\profiles\twtzi820.default\
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-1-28 33792]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2008-11-30 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2008-11-30 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-2-6 317520]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2009-5-31 270272]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2009-5-31 80320]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-5-22 88808]
R1 TVicPort64;TVicPort64;c:\windows\syswow64\drivers\TVicPort64.sys [2008-12-11 16080]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-3 202752]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 Sentinel64;Sentinel64;c:\windows\system32\drivers\sentinel64.sys [2008-11-30 145448]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-3 6402560]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-3 188928]
S1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2009-2-21 737424]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-9-4 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrxusb.sys [2008-7-29 1075712]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athrxu6.sys [2007-7-5 1041920]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 35848]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-20 93184]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.21\RivaTuner64.sys [2008-12-11 19952]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-9-9 257320]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\RpcAgentSrv.exe [2008-12-13 98488]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-9-4 7408]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\drivers\SNTUSB64.SYS [2008-7-11 58664]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service;c:\windows\system32\drivers\ts_athwx.sys [2009-9-8 1741480]
S3 WL230V64;Aztech 802.11g WL230 1211B Driver;c:\windows\system32\drivers\WlanUZG.sys [2008-11-30 559104]

=============== Created Last 30 ================

2010-08-19 16:26:29 188 ----a-w- c:\users\jan\defogger_reenable
2010-08-19 15:10:10 0 d-----w- C:\TDSSKiller_Quarantine
2010-08-17 21:52:38 0 d-----w- c:\users\jan\appdata\roaming\Malwarebytes
2010-08-17 21:52:30 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 21:52:30 0 d-----w- c:\programdata\Malwarebytes
2010-08-17 21:52:30 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-07-16 23:00:35 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-16 23:00:34 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-07-16 23:00:27 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-05-12 14:06:42 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-12 14:06:42 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-12 14:06:42 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-06-13 16:01:11 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-23 12:03:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032320090324\index.dat
2009-03-24 11:35:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032420090325\index.dat
2009-03-25 14:55:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032520090326\index.dat
2009-03-29 15:53:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032920090330\index.dat
2009-04-06 11:18:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009033020090406\index.dat
2009-04-13 11:02:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040620090413\index.dat
2009-04-20 10:58:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041320090420\index.dat
2009-04-20 10:58:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042020090421\index.dat
2009-04-23 10:44:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042320090424\index.dat
2009-04-24 12:09:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042420090425\index.dat
2009-04-27 11:42:07 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042720090428\index.dat
2009-04-28 12:07:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042820090429\index.dat
2009-04-29 12:18:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042920090430\index.dat
2009-04-30 11:37:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009043020090501\index.dat
2009-05-03 13:47:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050320090504\index.dat
2009-05-04 11:16:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050420090505\index.dat
2009-05-05 11:20:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050520090506\index.dat
2009-05-06 11:27:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050620090507\index.dat
2009-05-09 01:16:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050920090510\index.dat
2009-05-12 12:26:41 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051220090513\index.dat
2009-05-13 11:20:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051320090514\index.dat
2009-05-13 22:07:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051420090515\index.dat
2009-05-15 11:36:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051520090516\index.dat
2009-05-16 11:14:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051620090517\index.dat
2009-05-17 08:51:39 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051720090518\index.dat
2009-06-01 14:12:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060120090602\index.dat
2009-06-02 14:43:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060220090603\index.dat
2009-06-14 22:00:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060820090615\index.dat
2009-06-15 11:53:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061520090616\index.dat
2009-06-16 15:19:12 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061620090617\index.dat
2009-06-17 11:51:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061720090618\index.dat
2009-06-21 14:34:11 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009062120090622\index.dat
2009-06-28 22:27:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009062220090629\index.dat
2009-06-29 15:41:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009062920090630\index.dat
2009-07-07 12:59:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009070720090708\index.dat
2009-07-11 08:49:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071120090712\index.dat
2009-07-18 01:35:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071820090719\index.dat
2009-07-27 07:44:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009072720090728\index.dat
2009-08-08 14:13:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009080820090809\index.dat
2009-08-09 04:21:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009080920090810\index.dat
2009-08-14 12:41:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081420090815\index.dat
2009-08-15 11:10:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081520090816\index.dat
2009-08-16 10:22:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081620090817\index.dat
2009-08-24 10:56:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081720090824\index.dat
2009-08-24 10:56:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009082420090825\index.dat
2009-08-31 13:29:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009083120090901\index.dat
2009-09-05 05:18:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009090520090906\index.dat
2009-09-09 12:49:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009090920090910\index.dat
2009-09-12 15:36:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091220090913\index.dat
2009-09-13 03:54:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091320090914\index.dat
2009-09-23 22:29:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091420090921\index.dat
2009-09-23 22:29:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092420090925\index.dat
2009-09-29 11:28:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092920090930\index.dat
2009-09-30 23:10:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100120091002\index.dat
2009-10-03 08:09:55 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100320091004\index.dat
2009-10-04 14:51:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100420091005\index.dat
2009-10-05 13:53:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100520091006\index.dat
2009-10-06 11:29:39 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100620091007\index.dat
2009-10-20 10:28:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102020091021\index.dat
2009-10-25 12:30:57 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102520091026\index.dat
2009-11-10 13:48:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111020091111\index.dat
2009-11-12 12:54:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111220091113\index.dat
2009-11-14 11:50:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111420091115\index.dat
2009-11-15 11:56:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111520091116\index.dat
2009-12-07 11:40:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009113020091207\index.dat
2009-12-14 10:05:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120720091214\index.dat
2009-12-14 10:05:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121420091215\index.dat
2009-12-17 13:02:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121720091218\index.dat
2009-12-20 12:15:58 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009122020091221\index.dat
2009-12-28 11:54:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009122120091228\index.dat
2010-01-04 10:51:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009122820100104\index.dat
2010-01-12 11:26:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011220100113\index.dat
2010-01-13 11:34:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011320100114\index.dat
2010-01-22 07:34:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010012220100123\index.dat
2010-01-23 07:23:07 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010012320100124\index.dat
2010-01-24 11:30:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010012420100125\index.dat
2010-02-10 08:56:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010020120100208\index.dat
2010-02-16 10:32:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010020820100215\index.dat
2010-02-16 14:41:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021620100217\index.dat
2010-02-21 07:27:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022120100222\index.dat
2010-02-28 23:08:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022220100301\index.dat
2010-03-10 11:51:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030120100308\index.dat
2010-03-15 09:34:21 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030820100315\index.dat
2010-03-15 11:48:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031520100316\index.dat
2010-03-16 13:28:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031620100317\index.dat
2010-03-21 08:54:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032120100322\index.dat
2010-04-19 14:45:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041220100419\index.dat
2010-05-02 22:36:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042620100503\index.dat
2010-05-03 11:37:11 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050320100504\index.dat
2010-05-04 13:44:55 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050420100505\index.dat
2010-05-05 11:59:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050520100506\index.dat
2010-05-06 09:03:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050620100507\index.dat
2010-05-07 08:00:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050720100508\index.dat
2010-05-08 07:41:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050820100509\index.dat
2010-05-09 11:53:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050920100510\index.dat
2010-05-11 11:36:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051120100512\index.dat
2010-05-12 10:54:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051220100513\index.dat
2010-05-13 10:51:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051320100514\index.dat
2010-05-14 08:15:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051420100515\index.dat
2010-05-15 15:15:17 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051520100516\index.dat
2010-05-16 02:50:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051620100517\index.dat
2010-03-01 14:29:59 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-03-01 14:29:59 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-03-01 14:29:59 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-08 11:57:13 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-03-08 11:57:13 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-03-08 11:57:13 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2008-04-10 00:57:02 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 5:54:11.91 ===============
Attached File  ark.log   2.63KB   3 downloads

while waiting, i try several product to remove the infection. Spybot SD manage to remove win32.banker.fgv from my system which AVG, SuperAntispyware and MalwareByte not able to detect it. I had also uninstall JAVA and update the firefox browser to 3.6.8 and everything seem working fine now. However I still need help from someone here to confirm that the PC is free from any virus, trojan or malware infection. There is no way for me to know whether the infection still there or not. Below is the latest DDS log


DDS (Ver_10-03-17.01) - NTFSX64
Run by jan at 1:28:18.64 on Sat 08/21/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4094.2416 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Users\jan\AppData\Roaming\CoSoSys\CarryItEasy\CarryLaunch.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jan\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 130.88.203.27:3128
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files (x86)\free download manager\iefdm2.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Free Download Manager] "c:\program files (x86)\free download manager\fdm.exe" -autorun
uRun: [CarryLaunch] c:\users\jan\appdata\roaming\cososys\carryiteasy\CarryLaunch.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Six Engine] "c:\program files (x86)\asus\epu-4 engine\FourEngine.exe" -r
mRun: [PWRISOVM.EXE] "c:\program files (x86)\poweriso\PWRISOVM.EXE"
mRun: [Ai Nap] "c:\program files (x86)\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files (x86)\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "c:\program files (x86)\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files (x86)\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\realte~1.lnk - c:\program files (x86)\realtek usb wireless lan driver and utility\RtWLan.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files (x86)\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\jan\appdata\roaming\mozilla\firefox\profiles\twtzi820.default\
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\users\jan\appdata\roaming\mozilla\firefox\profiles\twtzi820.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-1-28 33800]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2008-11-30 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2008-11-30 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-2-6 317520]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2009-5-31 270272]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2009-5-31 80320]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-5-22 88808]
R1 TVicPort64;TVicPort64;c:\windows\syswow64\drivers\TVicPort64.sys [2008-12-11 16080]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-3 202752]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-20 1153368]
R2 Sentinel64;Sentinel64;c:\windows\system32\drivers\sentinel64.sys [2008-11-30 145448]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-3 6402560]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-3 188928]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athrxu6.sys [2007-7-5 1041920]
S1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2009-2-21 737424]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-9-4 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrxusb.sys [2008-7-29 1075712]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 35848]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-20 93184]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C8CB.tmp [2010-8-20 6144]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.21\RivaTuner64.sys [2008-12-11 19952]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-9-9 257320]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\RpcAgentSrv.exe [2008-12-13 98488]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-9-4 7408]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\drivers\SNTUSB64.SYS [2008-7-11 58664]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service;c:\windows\system32\drivers\ts_athwx.sys [2009-9-8 1741480]
S3 WL230V64;Aztech 802.11g WL230 1211B Driver;c:\windows\system32\drivers\WlanUZG.sys [2008-11-30 559104]

=============== Created Last 30 ================

2010-08-20 16:46:10 0 d-----w- c:\programdata\NOS
2010-08-20 15:38:35 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-20 15:38:35 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-08-20 14:04:59 6144 ------w- c:\windows\system32\C8CB.tmp
2010-08-20 14:02:35 6144 ------w- c:\windows\system32\9645.tmp
2010-08-20 13:52:45 18816 ------w- c:\windows\syswow64\SAVRKBootTasks.sys
2010-08-20 13:01:23 6144 ------w- c:\windows\system32\C5F0.tmp
2010-08-20 12:58:56 6144 ------w- c:\windows\system32\8825.tmp
2010-08-20 12:58:37 0 d-----w- c:\program files (x86)\Sophos
2010-08-20 11:10:47 0 d-----w- c:\program files (x86)\CCleaner
2010-08-19 16:26:29 188 ----a-w- c:\users\jan\defogger_reenable
2010-08-19 15:10:10 0 d-----w- C:\TDSSKiller_Quarantine
2010-08-17 21:52:38 0 d-----w- c:\users\jan\appdata\roaming\Malwarebytes
2010-08-17 21:52:30 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 21:52:30 0 d-----w- c:\programdata\Malwarebytes
2010-08-17 21:52:30 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-07-16 23:00:35 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-16 23:00:34 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-07-16 23:00:27 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-05-12 14:06:42 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-12 14:06:42 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-12 14:06:42 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-06-13 16:01:11 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-23 12:03:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032320090324\index.dat
2009-03-24 11:35:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032420090325\index.dat
2009-03-25 14:55:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032520090326\index.dat
2009-03-29 15:53:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032920090330\index.dat
2009-04-06 11:18:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009033020090406\index.dat
2009-04-13 11:02:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040620090413\index.dat
2009-04-20 10:58:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041320090420\index.dat
2009-04-20 10:58:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042020090421\index.dat
2009-04-23 10:44:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042320090424\index.dat
2009-04-24 12:09:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042420090425\index.dat
2009-04-27 11:42:07 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042720090428\index.dat
2009-04-28 12:07:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042820090429\index.dat
2009-04-29 12:18:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009042920090430\index.dat
2009-04-30 11:37:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009043020090501\index.dat
2009-05-03 13:47:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050320090504\index.dat
2009-05-04 11:16:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050420090505\index.dat
2009-05-05 11:20:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050520090506\index.dat
2009-05-06 11:27:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050620090507\index.dat
2009-05-09 01:16:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009050920090510\index.dat
2009-05-12 12:26:41 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051220090513\index.dat
2009-05-13 11:20:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051320090514\index.dat
2009-05-13 22:07:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051420090515\index.dat
2009-05-15 11:36:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051520090516\index.dat
2009-05-16 11:14:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051620090517\index.dat
2009-05-17 08:51:39 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051720090518\index.dat
2009-06-01 14:12:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060120090602\index.dat
2009-06-02 14:43:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060220090603\index.dat
2009-06-14 22:00:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060820090615\index.dat
2009-06-15 11:53:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061520090616\index.dat
2009-06-16 15:19:12 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061620090617\index.dat
2009-06-17 11:51:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061720090618\index.dat
2009-06-21 14:34:11 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009062120090622\index.dat
2009-06-28 22:27:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009062220090629\index.dat
2009-06-29 15:41:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009062920090630\index.dat
2009-07-07 12:59:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009070720090708\index.dat
2009-07-11 08:49:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071120090712\index.dat
2009-07-18 01:35:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009071820090719\index.dat
2009-07-27 07:44:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009072720090728\index.dat
2009-08-08 14:13:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009080820090809\index.dat
2009-08-09 04:21:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009080920090810\index.dat
2009-08-14 12:41:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081420090815\index.dat
2009-08-15 11:10:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081520090816\index.dat
2009-08-16 10:22:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081620090817\index.dat
2009-08-24 10:56:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081720090824\index.dat
2009-08-24 10:56:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009082420090825\index.dat
2009-08-31 13:29:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009083120090901\index.dat
2009-09-05 05:18:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009090520090906\index.dat
2009-09-09 12:49:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009090920090910\index.dat
2009-09-12 15:36:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091220090913\index.dat
2009-09-13 03:54:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091320090914\index.dat
2009-09-23 22:29:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091420090921\index.dat
2009-09-23 22:29:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092420090925\index.dat
2009-09-29 11:28:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092920090930\index.dat
2009-09-30 23:10:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100120091002\index.dat
2009-10-03 08:09:55 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100320091004\index.dat
2009-10-04 14:51:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100420091005\index.dat
2009-10-05 13:53:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100520091006\index.dat
2009-10-06 11:29:39 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100620091007\index.dat
2009-10-20 10:28:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102020091021\index.dat
2009-10-25 12:30:57 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102520091026\index.dat
2009-11-10 13:48:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111020091111\index.dat
2009-11-12 12:54:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111220091113\index.dat
2009-11-14 11:50:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111420091115\index.dat
2009-11-15 11:56:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111520091116\index.dat
2009-12-07 11:40:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009113020091207\index.dat
2009-12-14 10:05:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120720091214\index.dat
2009-12-14 10:05:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121420091215\index.dat
2009-12-17 13:02:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121720091218\index.dat
2009-12-20 12:15:58 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009122020091221\index.dat
2009-12-28 11:54:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009122120091228\index.dat
2010-01-04 10:51:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009122820100104\index.dat
2010-01-12 11:26:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011220100113\index.dat
2010-01-13 11:34:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011320100114\index.dat
2010-01-22 07:34:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010012220100123\index.dat
2010-01-23 07:23:07 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010012320100124\index.dat
2010-01-24 11:30:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010012420100125\index.dat
2010-02-10 08:56:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010020120100208\index.dat
2010-02-16 10:32:44 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010020820100215\index.dat
2010-02-16 14:41:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021620100217\index.dat
2010-02-21 07:27:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022120100222\index.dat
2010-02-28 23:08:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022220100301\index.dat
2010-03-10 11:51:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030120100308\index.dat
2010-03-15 09:34:21 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030820100315\index.dat
2010-03-15 11:48:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031520100316\index.dat
2010-03-16 13:28:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031620100317\index.dat
2010-03-21 08:54:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032120100322\index.dat
2010-04-19 14:45:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041220100419\index.dat
2010-05-02 22:36:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042620100503\index.dat
2010-05-03 11:37:11 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050320100504\index.dat
2010-05-04 13:44:55 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050420100505\index.dat
2010-05-05 11:59:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050520100506\index.dat
2010-05-06 09:03:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050620100507\index.dat
2010-05-07 08:00:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050720100508\index.dat
2010-05-08 07:41:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050820100509\index.dat
2010-05-09 11:53:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050920100510\index.dat
2010-05-11 11:36:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051120100512\index.dat
2010-05-12 10:54:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051220100513\index.dat
2010-05-13 10:51:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051320100514\index.dat
2010-05-14 08:15:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051420100515\index.dat
2010-05-15 15:15:17 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051520100516\index.dat
2010-05-16 02:50:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051620100517\index.dat
2010-03-01 14:29:59 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-03-01 14:29:59 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-03-01 14:29:59 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2008-04-10 00:57:02 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 1:28:49.19 ===============
Attached File  ark.log   2.63KB   1 downloads

EDIT: Posts merged ~BP

Edited by Budapest, 20 August 2010 - 05:09 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:47 PM

Posted 26 August 2010 - 07:11 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 evilguy

evilguy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 28 August 2010 - 01:50 AM

OTL logfile created on: 8/28/2010 14:41:33 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\jan\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80.01 Gb Total Space | 20.79 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive D: | 218.08 Gb Total Space | 217.23 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
Drive E: | 258.00 Gb Total Space | 169.28 Gb Free Space | 65.61% Space Free | Partition Type: NTFS
Drive F: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 40.09 Gb Total Space | 37.48 Gb Free Space | 93.49% Space Free | Partition Type: Ext2
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: jan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/28 14:39:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
PRC - [2010/08/21 00:29:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/17 07:00:35 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/17 07:00:29 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/04 14:49:58 | 001,994,480 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/25 15:10:14 | 000,172,032 | ---- | M] () -- C:\Users\jan\AppData\Roaming\CoSoSys\CarryItEasy\CarryLaunch.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/02 23:51:42 | 001,427,968 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008/11/02 16:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2008/07/23 17:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008/07/11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008/07/11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2008/05/20 17:27:22 | 002,474,031 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/28 14:39:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
MOD - [2008/01/21 10:49:22 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2008/01/21 10:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/21 10:48:21 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2008/01/21 10:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 17:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2006/11/02 17:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/03 12:12:12 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/11/03 16:15:34 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2008/01/21 10:51:22 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2008/01/21 10:51:03 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/01/21 10:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/21 10:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/05/22 05:38:12 | 000,832,512 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe -- (nlsvc)
SRV - [2010/07/17 07:00:29 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/23 21:48:27 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/07/11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VComm.sys -- (VComm)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\TVicPort.sys -- (TVicPort)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\EIO64.sys -- (EIO64)
DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btnetdrv.sys -- (BT)
DRV:64bit: - [2010/07/17 07:00:35 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/17 07:00:27 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/03 21:51:36 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\C8CB.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/03/03 12:23:10 | 006,402,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/03 11:07:32 | 000,188,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/28 22:33:34 | 000,114,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/05/12 16:58:04 | 001,741,480 | ---- | M] () [CommView] Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2009/02/22 13:41:19 | 000,711,712 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/02/22 13:41:19 | 000,081,952 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2008/12/07 12:44:56 | 000,035,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2008/11/30 14:25:22 | 000,868,848 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008/10/31 16:28:26 | 000,022,944 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2008/09/25 17:39:12 | 000,270,272 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\ext2fs.sys -- (Ext2fs)
DRV:64bit: - [2008/09/23 16:15:00 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008/08/28 22:49:20 | 000,080,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ifsmount.sys -- (IfsMount)
DRV:64bit: - [2008/07/29 04:47:00 | 001,075,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrxusb.sys -- (athrusb)
DRV:64bit: - [2008/07/11 07:05:00 | 000,145,448 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2008/07/11 07:05:00 | 000,058,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2008/01/21 10:51:03 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/01/21 10:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/07/05 02:58:36 | 001,041,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrxu6.sys -- (athrusb6)
DRV:64bit: - [2007/06/04 08:55:26 | 000,559,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WlanUZG.sys -- (WL230V64)
DRV:64bit: - [2007/05/22 05:28:08 | 000,088,808 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nltdi.sys -- (nltdi)
DRV:64bit: - [2007/02/08 18:47:12 | 000,257,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2006/11/10 21:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006/11/02 07:23:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/09/19 05:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/09/04 14:50:02 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/04 14:50:00 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/04 14:49:58 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/12/21 17:48:37 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.21\RivaTuner64.sys -- (RivaTuner64)
DRV - [2007/03/12 16:35:10 | 000,016,080 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\TVicPort64.sys -- (TVicPort64)
DRV - [2007/02/08 18:47:12 | 000,257,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/02/08 02:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/03/30 10:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\TVicPort.sys -- (TVicPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3724978081-2025215398-879490164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3724978081-2025215398-879490164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3724978081-2025215398-879490164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 130.88.203.27:3128

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..network.proxy.ftp: "192.33.210.17"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "192.33.210.17"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "128.195.54.163"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks: "192.33.210.17"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "192.33.210.17"
FF - prefs.js..network.proxy.ssl_port: 3127

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/20 23:50:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/21 00:29:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/23 18:34:22 | 000,000,000 | ---D | M]

[2008/12/18 22:01:56 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\Mozilla\Extensions
[2010/08/24 22:59:20 | 000,000,000 | ---D | M] -- C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\twtzi820.default\extensions
[2010/08/23 22:44:35 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\jan\AppData\Roaming\Mozilla\Firefox\Profiles\twtzi820.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/18 06:40:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/08/26 16:28:39 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/08/21 00:14:37 | 000,416,854 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14388 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3724978081-2025215398-879490164-1000..\Run: [CarryLaunch] C:\Users\jan\AppData\Roaming\CoSoSys\CarryItEasy\CarryLaunch.exe ()
O4 - HKU\S-1-5-21-3724978081-2025215398-879490164-1000..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKU\S-1-5-21-3724978081-2025215398-879490164-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3724978081-2025215398-879490164-1000..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\jan\Pictures\wallpaperKawin3.jpg
O24 - Desktop BackupWallPaper: C:\Users\jan\Pictures\wallpaperKawin3.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{310c20d1-64c3-11de-90cb-002215a35bc4}\Shell\AutoRun\command - "" = xAVx\ReleAsE\xAVy.exe
O33 - MountPoints2\{310c20d1-64c3-11de-90cb-002215a35bc4}\Shell\open\command - "" = xAVx\ReleAsE\xAVy.exe
O33 - MountPoints2\{6a62599b-a4dc-11de-a9b7-002215a35bc4}\Shell\AutoRun\command - "" = jim\carry\jIm.exe
O33 - MountPoints2\{6a62599b-a4dc-11de-a9b7-002215a35bc4}\Shell\open\command - "" = jim\carry\jIm.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/08/28 14:39:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
[2010/08/25 21:30:40 | 000,000,000 | ---D | C] -- C:\Users\jan\Desktop\bak
[2010/08/20 23:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/20 23:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/08/20 21:52:45 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2010/08/20 20:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/08/20 19:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/08/20 00:28:13 | 000,000,000 | ---D | C] -- C:\Users\jan\Desktop\virusHelp
[2010/08/19 23:10:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/08/19 23:08:24 | 001,198,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jan\Desktop\TDSSKiller.exe
[2010/08/18 05:52:38 | 000,000,000 | ---D | C] -- C:\Users\jan\AppData\Roaming\Malwarebytes
[2010/08/18 05:52:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/18 05:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/18 05:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/18 05:50:34 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jan\Desktop\balbal.exe
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\jan\Documents\*.tmp files -> C:\Users\jan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/28 14:40:41 | 006,815,744 | -HS- | M] () -- C:\Users\jan\ntuser.dat
[2010/08/28 14:39:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\jan\Desktop\OTL.exe
[2010/08/28 14:26:50 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/28 14:26:50 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/28 14:26:50 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/28 14:26:08 | 064,024,297 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/08/28 14:22:11 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 14:22:11 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 14:22:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/28 14:22:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/25 22:33:48 | 000,524,288 | -HS- | M] () -- C:\Users\jan\ntuser.dat{37de6a27-4ec9-11df-84c8-002215a35bc4}.TMContainer00000000000000000001.regtrans-ms
[2010/08/25 22:33:48 | 000,065,536 | -HS- | M] () -- C:\Users\jan\ntuser.dat{37de6a27-4ec9-11df-84c8-002215a35bc4}.TM.blf
[2010/08/25 22:33:45 | 004,030,608 | -H-- | M] () -- C:\Users\jan\AppData\Local\IconCache.db
[2010/08/25 21:35:08 | 000,072,704 | ---- | M] () -- C:\Users\jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 22:43:04 | 462,805,777 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/23 22:47:24 | 000,000,218 | ---- | M] () -- C:\Users\jan\.recently-used.xbel
[2010/08/21 00:14:37 | 000,416,854 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/08/20 23:38:39 | 000,001,131 | ---- | M] () -- C:\Users\jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/20 23:38:39 | 000,001,107 | ---- | M] () -- C:\Users\jan\Desktop\Spybot - Search & Destroy.lnk
[2010/08/20 22:41:50 | 000,166,244 | ---- | M] () -- C:\Users\jan\Documents\cc_20100820_224055.reg
[2010/08/20 19:10:47 | 000,000,856 | ---- | M] () -- C:\Users\jan\Desktop\CCleaner.lnk
[2010/08/20 00:26:30 | 000,000,188 | ---- | M] () -- C:\Users\jan\defogger_reenable
[2010/08/19 23:01:22 | 000,000,762 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100821-001437.backup
[2010/08/19 22:47:53 | 001,074,232 | ---- | M] () -- C:\Users\jan\Desktop\RootkitBuster_2.80.1077.zip
[2010/08/18 05:52:33 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 09:49:10 | 001,198,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jan\Desktop\TDSSKiller.exe
[2010/08/16 01:50:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jan\Desktop\balbal.exe
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\jan\Documents\*.tmp files -> C:\Users\jan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/24 22:42:16 | 462,805,777 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/23 22:47:24 | 000,000,218 | ---- | C] () -- C:\Users\jan\.recently-used.xbel
[2010/08/20 23:38:39 | 000,001,131 | ---- | C] () -- C:\Users\jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/20 23:38:39 | 000,001,107 | ---- | C] () -- C:\Users\jan\Desktop\Spybot - Search & Destroy.lnk
[2010/08/20 22:41:12 | 000,166,244 | ---- | C] () -- C:\Users\jan\Documents\cc_20100820_224055.reg
[2010/08/20 19:10:47 | 000,000,856 | ---- | C] () -- C:\Users\jan\Desktop\CCleaner.lnk
[2010/08/20 00:26:29 | 000,000,188 | ---- | C] () -- C:\Users\jan\defogger_reenable
[2010/08/19 22:47:47 | 001,074,232 | ---- | C] () -- C:\Users\jan\Desktop\RootkitBuster_2.80.1077.zip
[2010/08/18 05:52:33 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/18 05:52:30 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/02 06:48:39 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2009/11/30 14:44:51 | 000,004,096 | -H-- | C] () -- C:\Users\jan\AppData\Local\keyfile3.drm
[2009/09/20 08:09:02 | 002,465,804 | ---- | C] () -- C:\Users\jan\AppData\Local\dd_NET_Framework35_x64_MSI2A52.txt
[2009/09/20 07:59:50 | 000,200,354 | ---- | C] () -- C:\Users\jan\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/20 07:59:46 | 000,172,228 | ---- | C] () -- C:\Users\jan\AppData\Local\dd_dotnetfx35install.txt
[2009/09/20 07:59:46 | 000,002,330 | ---- | C] () -- C:\Users\jan\AppData\Local\uxeventlog.txt
[2009/09/20 07:59:46 | 000,000,002 | ---- | C] () -- C:\Users\jan\AppData\Local\dd_dotnetfx35error.txt
[2009/09/05 15:24:37 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/28 22:36:19 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/06/02 22:41:06 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/06/02 22:41:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/05/24 09:55:26 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/04/29 00:38:13 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/01/31 15:35:56 | 000,000,680 | ---- | C] () -- C:\Users\jan\AppData\Local\d3d9caps.dat
[2008/12/29 23:11:04 | 000,000,903 | ---- | C] () -- C:\Windows\MD_MicroDiffs.INI
[2008/12/29 23:11:04 | 000,000,903 | ---- | C] () -- C:\Windows\MD_MacroDiffs.INI
[2008/12/29 23:11:04 | 000,000,817 | ---- | C] () -- C:\Windows\CFX.INI
[2008/12/29 22:39:08 | 000,000,026 | ---- | C] () -- C:\Windows\SW_Win2000X16.DLL
[2008/12/29 22:38:49 | 000,000,078 | ---- | C] () -- C:\Windows\SW_Win2000X9.DLL
[2008/12/29 22:37:05 | 000,225,280 | ---- | C] () -- C:\Windows\SysWow64\DrakeCom.dll
[2008/12/29 22:37:05 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\SII_PDF.dll
[2008/12/29 22:37:05 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\CSVSpecialProcessing.dll
[2008/12/29 22:37:05 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2008/12/13 16:35:35 | 008,101,888 | ---- | C] () -- C:\ProgramData\sandra.mda
[2008/11/30 22:04:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/30 02:57:19 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008/11/30 02:57:19 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008/11/30 02:23:57 | 000,072,704 | ---- | C] () -- C:\Users\jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/30 00:46:29 | 000,026,337 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/11/30 00:27:47 | 000,000,732 | ---- | C] () -- C:\Users\jan\AppData\Local\d3d9caps64.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/21 10:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 10:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/28 15:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 10:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/21 10:45:58 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 19:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 17:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 10:46:07 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/21 10:50:06 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2008/01/21 10:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/21 10:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/21 10:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/21 10:46:02 | 000,128,056 | ---- | M] (NVIDIA Corporation) MD5=2C040B7ADA5B06F6FACADAC8514AA034 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2008/01/21 10:46:02 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 10:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/21 10:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/21 10:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/21 10:48:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >

OTL Extras logfile created on: 8/28/2010 14:41:33 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\jan\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80.01 Gb Total Space | 20.79 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive D: | 218.08 Gb Total Space | 217.23 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
Drive E: | 258.00 Gb Total Space | 169.28 Gb Free Space | 65.61% Space Free | Partition Type: NTFS
Drive F: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 40.09 Gb Total Space | 37.48 Gb Free Space | 93.49% Space Free | Partition Type: Ext2
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: jan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3724978081-2025215398-879490164-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A8417CB-33A0-41B6-97DD-CA47AFFD3784}" = rport=445 | protocol=6 | dir=out | app=system |
"{2D895346-619F-42B0-A8C1-99619D8D83F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{303E493F-4278-4D8F-A1CA-40F18013DD87}" = lport=139 | protocol=6 | dir=in | app=system |
"{31EA433E-FBC1-4CAA-A50F-BD941326986B}" = rport=137 | protocol=17 | dir=out | app=system |
"{36FEFA96-36ED-433C-AC86-4A6532AEE222}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{40FB73D2-3215-4F6F-AD05-9075804E7B5C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{50BCB989-0F7B-4BBC-8E85-B2368BDA97C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{543B9A4F-6636-4D34-AE23-46C570D39348}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{56AEF689-6963-4685-9E30-5EE3E1F63284}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{5E3B1993-638F-4934-A05A-3F4B4189B92C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5EE73906-6A03-4A27-84D7-2E5CC7A747E8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{65E245EA-FDD1-406D-AC4A-3B197F5EF13C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{6993173F-88B0-4300-9C65-3EE4E6403FC6}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{6CCB8480-B585-4EB4-82C2-7C40391CAABD}" = lport=138 | protocol=17 | dir=in | app=system |
"{77761E80-B48C-4F94-8880-E56CE88B8327}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{7A6CD969-A7E6-4CFD-AB4C-365CDDE76DDF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{88760988-505A-4E80-857F-14A73CD3C29E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8884A667-443E-4C2C-AA02-3A832B92C972}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\rpcagentsrv.exe |
"{8D45B172-66B3-47C3-8E92-03BA62459AC8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8E56146C-40F9-4DDE-9C86-22A2E50F29F8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{92585954-C869-4B22-8443-50993B7C9862}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{98FDA2AE-2CF8-4BDF-9292-C3D0998C45A0}" = lport=137 | protocol=17 | dir=in | app=system |
"{9C9AAEE2-598B-4C8B-A6B7-58640FE8BB96}" = lport=445 | protocol=6 | dir=in | app=system |
"{9E18789C-0F54-49E2-A70C-925E87760C15}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{9FFAB8BC-13F0-474F-B250-F7DEEFD51323}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{AFD0F2FD-1617-44E7-ACA6-56B80DF7234A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AFF48983-91F4-4289-AAC0-AFCFD518DFF7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{B1A790C6-7043-4745-BA1C-77B614CE82A5}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{B4CC56A1-ECAA-4177-A3D9-DE3658168ECE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{B4ED247C-B0D2-43A0-ADEF-BF16E2DD4A32}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{C7A91E00-0476-4BA6-9A59-E541DB668BC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC403CDF-95C8-41F8-81EC-B23BBED4853E}" = rport=139 | protocol=6 | dir=out | app=system |
"{CDE33740-D463-4A3C-91C1-8BC2F0FE9967}" = rport=138 | protocol=17 | dir=out | app=system |
"{D81EE4F8-3C6E-4B63-87E0-D2CF59034254}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x64\rpcsandrasrv.exe |
"{EEE4A81F-2074-443F-9AAF-10C0B47E06D2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FF14B465-2F40-4B70-93DD-6310022B1F07}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03108A11-C18D-4FE2-BC1E-200857754AEF}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{17784B2C-E7A0-4396-ABAF-740AEDDD15F2}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{1C9824FC-6BD9-490D-9C8A-5264B103ED90}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{20D8FD88-8088-430A-BF19-3B81ED4F0CF7}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{2EAA4C6B-5D12-42C1-8289-5A8A0D509F80}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{32EEF156-7189-4C4E-9CEE-57F29CC70BBD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector express\pdx.exe |
"{3BD2BC99-4752-4FD5-AC85-4A015F438E22}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\asusupdate\update.exe |
"{410A27B1-2178-4D1B-8005-371ADDB51130}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{43A7FC1C-CBF0-43C7-8E44-64FC048159F3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{50A0CFB2-6436-4942-8328-13E5CC94DA94}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{5393FF80-52C2-4B5D-A7E1-FAF5E45FABF0}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\asusupdate\update.exe |
"{5672B0F2-2BC8-4796-916E-045114338E73}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{5762B272-B6D9-4107-9E9B-E6AE91DE659A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{57D90B34-3DB2-4B0A-BA5A-E3A035A858FE}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{5C735CC0-5B81-47DD-851A-BF0ABE9A9AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{5CDA4DAF-79C8-4DBF-9520-1B23D992140B}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{5E49F468-20A9-4D7A-A38A-D63A35731D48}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{648B56AF-0DDF-4062-9036-7446D3A04BA9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{65193797-5D56-47C7-8A1D-7E8B58501180}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{6D779AB3-76FF-4014-ACC4-F6168800F6C3}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{7AC57966-E8B3-489D-A38C-CC965CFF73D5}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{7D5272E9-7FD1-4657-B8BE-7EC3ECC418DB}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{81ECE8A8-FD99-4CCF-B1CF-6EA2DC974986}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{899F4483-2799-4A39-9878-9DB9DD9634A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9297BD8B-92B8-47E4-B427-438D5D1639FF}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{9BACD11E-5694-4F47-A0AD-AF6E4523DCF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A482F202-6D5F-4FAA-A042-9FCC385AB50F}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{B2E5860A-058E-497D-9D5C-546287F67569}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{C75C9263-ED0F-4BCC-848B-039D12E43057}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{CCAC9BA6-AA08-4BF8-91BD-C028D14567B6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{CE8F9B1E-6ACF-4CE7-9E31-59B2BC8DBB02}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D1985E2A-2BDD-4465-AA2F-A5041289C239}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{D449A06F-16BE-41AD-AC99-26B28429B9E5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E5410D34-4CF8-4BC2-BF8A-2FDA90A8F699}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{E80AF214-5BBC-4F68-A791-1A505F4D766C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{EB80DAB1-A3E6-4028-9C8F-39942617FA92}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{ECD785BB-A73E-4C75-B90C-16F91AA5F750}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{EEE309C1-F01B-4232-BF15-477040913B3F}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{F11F42B6-CDE5-46E3-8010-0B59BD757620}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"TCP Query User{066914C2-E337-4896-B890-34DD56E45CCB}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"TCP Query User{1F04CC7F-3C32-4FF7-8740-36C45BD01717}C:\program files (x86)\fisting4fun\commview for wifi\commviewwifi\wepdecoder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fisting4fun\commview for wifi\commviewwifi\wepdecoder.exe |
"TCP Query User{211320AE-26DA-4F38-B404-E97751CBB74C}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{27343A26-9009-4719-B25A-1945E6D445FA}C:\program files (x86)\deluge\deluge-python\deluged.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deluge\deluge-python\deluged.exe |
"TCP Query User{2EB55B78-5A53-4157-BDB1-7ED92C25A4B5}C:\program files (x86)\ubisoft\prince of persia the forgotten sands\prince of persia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia the forgotten sands\prince of persia.exe |
"TCP Query User{36F2A17F-CAB7-4994-811C-533C75165A48}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{41119E0C-E219-4227-96AE-B2FF62E28329}C:\program files (x86)\virtual volumes\vv_cmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\virtual volumes\vv_cmd.exe |
"TCP Query User{4A4CDD1E-6A84-4FEF-A9A9-16484E6A3AB9}C:\program files (x86)\deluge\deluge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |
"TCP Query User{65ADFC85-EEB3-4221-8376-58E119FC21C7}C:\program files (x86)\volition inc\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\volition inc\red faction guerrilla\rfg.exe |
"TCP Query User{7F017C48-4927-4E51-B5BE-42F1D117B03F}C:\program files (x86)\deluge\deluge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |
"TCP Query User{8224C965-8983-49DF-9C25-07A1B7F2A519}C:\program files\deluge\python.exe" = protocol=6 | dir=in | app=c:\program files\deluge\python.exe |
"TCP Query User{9099F098-9DC6-4D15-8A61-2302C6CF2D80}C:\program files (x86)\tanner eda\tanner tools v12.1\t-spice\tspice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tanner eda\tanner tools v12.1\t-spice\tspice.exe |
"TCP Query User{B0860D75-5792-4C8F-8292-AE9C0394E1F7}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{CD17298B-2B27-4A22-B0C1-19D7F81E9A30}C:\program files (x86)\deluge\deluge-python\deluged.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deluge\deluge-python\deluged.exe |
"TCP Query User{ED89301E-BCAC-460D-A2D3-85489344947D}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{F100FE65-D4A8-45D3-80FA-51F1C3EBDB8B}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"TCP Query User{F609CD67-1983-4B31-86D3-962D4A3CE43E}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"UDP Query User{0228917E-EA14-424F-944F-9DA4003941A9}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"UDP Query User{138FC2D6-6A43-465A-8E21-C374EE132157}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{160B20DE-28FB-49BD-9BA9-73272F6C726B}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"UDP Query User{26AB7ADA-BC95-487E-AFAF-B6D9562508B2}C:\program files\deluge\python.exe" = protocol=17 | dir=in | app=c:\program files\deluge\python.exe |
"UDP Query User{35042983-8476-47B6-9EDA-EB2B5EA1A12F}C:\program files (x86)\deluge\deluge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |
"UDP Query User{427643B4-3B50-4DCA-9825-10F6FA773E01}C:\program files (x86)\deluge\deluge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |
"UDP Query User{4AD16747-5628-4F4F-AF20-7B9E426882C1}C:\program files (x86)\tanner eda\tanner tools v12.1\t-spice\tspice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tanner eda\tanner tools v12.1\t-spice\tspice.exe |
"UDP Query User{4D88E4B1-4CCB-47CF-B004-450ED6DD4887}C:\program files (x86)\virtual volumes\vv_cmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\virtual volumes\vv_cmd.exe |
"UDP Query User{746E3E88-2D81-4F3D-818A-8F991B9316B1}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{A2A3B0D3-F2C1-4BAC-97FD-05A7D8137089}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{A8F41499-DD61-43FF-9697-18251C0653FD}C:\program files (x86)\volition inc\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\volition inc\red faction guerrilla\rfg.exe |
"UDP Query User{AA8486A4-420F-4447-96ED-C308E6D28FB9}C:\program files (x86)\deluge\deluge-python\deluged.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deluge\deluge-python\deluged.exe |
"UDP Query User{AF46C869-16BA-4501-9311-1476E057A0F6}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{BDF6A7A3-FBA3-4E08-9B6C-FEB775D5A443}C:\program files (x86)\deluge\deluge-python\deluged.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deluge\deluge-python\deluged.exe |
"UDP Query User{C1AFA2BD-5436-44CB-AF4A-E65B4903BE2E}C:\program files (x86)\fisting4fun\commview for wifi\commviewwifi\wepdecoder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fisting4fun\commview for wifi\commviewwifi\wepdecoder.exe |
"UDP Query User{D0A36249-B466-4428-8634-D979CF39A62F}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{F7A876B0-CD15-4301-A4C1-4A208F6F481C}C:\program files (x86)\ubisoft\prince of persia the forgotten sands\prince of persia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia the forgotten sands\prince of persia.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series" = Canon iP3500 series
"{23170F69-40C1-2702-0464-000001000000}" = 7-Zip 4.64 (x64 edition)
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"CanonMyPrinter" = Canon My Printer
"Ext2Fsd_is1" = Ext2Fsd 0.46
"Ext2Ifs_for_NT6" = Ext2 IFS 1.11a for Windows Vista/2008
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A2770F50-89C7-433E-8E19-7148B21172EB}" = RESIDENT EVIL 5 Benchmark Version
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-10-28
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{AFD2AB65-6EEF-4B8E-BC0C-3523C82A3995}" = Unigine Tropics Demo v1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced PDF Tools v2.0_is1" = Advanced PDF Tools v2.0
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"Compare PDF_is1" = Compare PDF 6.0
"Deluge" = Deluge 1.1.9
"Diff Doc_is1" = Diff Doc
"eMule" = eMule
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"Fraps" = Fraps
"Free Download Manager_is1" = Free Download Manager 2.5
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"Hard Disk Wipe Tool_is1" = Hard Disk Wipe Tool 2.35 build 1178
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MemSet_is1" = MemSet 3.6
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.43
"NetLimiter 2 Monitor" = NetLimiter 2 Monitor (remove only)
"OpenAL" = OpenAL
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.5
"PowerISO" = PowerISO
"RealAlt_is1" = Real Alternative 2.0.1
"RivaTuner" = RivaTuner v2.21
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SpeedFan" = SpeedFan (remove only)
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"TrueCrypt" = TrueCrypt
"Virtual Volumes" = Virtual Volumes
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3724978081-2025215398-879490164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"LanDiscovery" = LanDiscovery (remove only)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:47 PM

Posted 29 August 2010 - 08:24 AM

Hi,

could you please tell me where Spyware Doctor removed this infection?

Both Firefox and Internet Explorer have proxies set up, is this intentional?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 evilguy

evilguy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 30 August 2010 - 06:11 PM

Hi sometime I will use free proxy server to get better speed. But currently I don't use it. I check IE setting and confirm i don't use proxy. As for firefox it is set to "Use system proxy settings". In older version of firefox, I don't see this option. Maybe it is a default configuration for the latest firefox. Below is the print screen on the history of spybot-search & destroy when it remove the infection. Let me know whether the system is already clean. Thanks

Attached File  spybot.jpg   26.15KB   5 downloads

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:47 PM

Posted 31 August 2010 - 02:29 AM

Hi,

the banker is a false positive, those files should belong to SmitFraudfix. Did you run it? The second however was a real infection. Your log isn' showing leftovers at the moment though.

Please run a scan with Eset to confirm this:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 evilguy

evilguy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 31 August 2010 - 08:00 AM

I'm not using SmitFraudfix to scan for the infection. Maybe that file was a left over from the old time. Below is the ESET OnlineScan log. Some infection cannot be removed. Seem that this system is still infected?

C:\Program Files (x86)\Internet Explorer\iexplore.exe Win32/Bamital.DX trojan unable to clean
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\279f4d0e-3e58d808 a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
C:\Users\jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4b06bce-3501bf9f multiple threats deleted - quarantined
C:\Users\jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\8df5f4f-42817a4f multiple threats deleted - quarantined
C:\Users\jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\4fd90e9e-3b29192e multiple threats deleted - quarantined
C:\Users\jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\7dc3a3a4-3270c57f multiple threats deleted - quarantined
C:\Users\jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\1f100444-2d4158b5 probably a variant of Win32/Agent.NXHSWPF trojan deleted - quarantined
C:\Users\jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\7be08cb3-587d6af8 multiple threats deleted - quarantined
C:\Users\jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\7e4b2c35-54ca666e probably a variant of Win32/Agent.LHGXRNN trojan deleted - quarantined
C:\Users\jan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\14c25947-37347ccf multiple threats deleted - quarantined
C:\Users\jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.rar a variant of Win32/Kryptik.ETI trojan deleted - quarantined
C:\Windows\System32\wininit.exe Win32/Bamital.DX trojan unable to clean
C:\Windows\SysWOW64\wininit.exe Win32/Bamital.DX trojan unable to clean
E:\bakuppendrive_ayu\testdrive\recup_dir.2\f0267911.txt Win32/AutoHK.BC trojan cleaned by deleting - quarantined
E:\fromdriveE\bkup\AyuProperties.rar Win32/VB.NEI worm deleted - quarantined

Edited by evilguy, 31 August 2010 - 08:03 AM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:47 PM

Posted 01 September 2010 - 01:56 AM

Hi,

this is not good. There is an infection that infected some of your windows files. Do you have a Windows CD?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 evilguy

evilguy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 01 September 2010 - 09:12 AM

I have it but need to look where i put it. Once i find it what I need to do?

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:47 PM

Posted 03 September 2010 - 02:28 AM

Hi,

once you found it, I would use it to get into the recovery console and replace the infected files by clean files we need to locate first.
Let me know once you get it. If you can't find it, let me know and I'll provide instructions on how to create a different CD to use.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 evilguy

evilguy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 03 September 2010 - 08:03 AM

Ok I found the CD. please let me know the next step

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:47 PM

Posted 05 September 2010 - 07:02 AM

Hi,

sorry I thought we already went through this, but I can't find the results:

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    CODE
    :filefind
    iexplore.exe
    wininit.exe
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 evilguy

evilguy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 07 September 2010 - 10:28 AM

SystemLook 04.09.10 by jpshortstuff
Log created at 23:25 on 07/09/2010 by jan
Administrator - Elevation successful

========== filefind ==========

Searching for "iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a---- 701952 bytes [02:49 21/01/2008] [02:49 21/01/2008] AC2C3BAFD177B60C3B5E4DDBCC2C2DB3
C:\Program Files (x86)\Internet Explorer\iexplore.exe --a---- 625664 bytes [02:47 21/01/2008] [02:47 21/01/2008] 90BEE4CCD7D43AE4E788FF751C048A80
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_89721e14d5531cd7\iexplore.exe --a---- 701440 bytes [01:00 10/04/2008] [01:00 10/04/2008] 31705413C889C5503F564C642D83C282
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_8944ddd0d57559ed\iexplore.exe --a---- 701440 bytes [15:59 13/06/2008] [15:59 13/06/2008] 699D1D2EAF5C80E7361809B0ED8AE773
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_89908f2ad53c937d\iexplore.exe --a---- 701440 bytes [18:06 13/08/2008] [18:06 13/08/2008] 88BC0B30EE1C0344119778A6E8F2509F
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_896b5136d5579b4b\iexplore.exe --a---- 709408 bytes [15:26 03/12/2008] [08:10 02/10/2008] FF441810C3CA6DC897CB322F60A6902F
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_895d806cd5626b37\iexplore.exe --a---- 709800 bytes [16:13 28/01/2009] [04:45 16/10/2008] 20B5615A7F3EB138651CE1B60C625D76
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_89df4c43ee8575d0\iexplore.exe --a---- 701440 bytes [01:00 10/04/2008] [01:00 10/04/2008] 2EEE7F65B04F759FE7D238AD6EAB90B7
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_8a115c9dee6081e6\iexplore.exe --a---- 701440 bytes [15:59 13/06/2008] [15:59 13/06/2008] 1ACD856D345FA54F89335C793B2B0874
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_89eb1e5fee7c705d\iexplore.exe --a---- 701440 bytes [18:06 13/08/2008] [18:06 13/08/2008] D5A7B74CA0826CF5BCE4AE0152231A9B
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_8a155fabee5ce469\iexplore.exe --a---- 709408 bytes [15:26 03/12/2008] [03:50 02/10/2008] 8BC05A19FA4C19025D564A2201709F70
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_8a0a8fbfee65005a\iexplore.exe --a---- 709800 bytes [16:13 28/01/2009] [04:33 16/10/2008] C06D959943F4E6CEC8FF0484B1440F84
C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_8b809b8cd25bf1ff\iexplore.exe --a---- 701952 bytes [02:49 21/01/2008] [02:49 21/01/2008] AC2C3BAFD177B60C3B5E4DDBCC2C2DB3
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_93c6c86709b3ded2\iexplore.exe --a---- 625664 bytes [01:00 10/04/2008] [01:00 10/04/2008] 9437CA21CD48C9B6BFD6F5AC0143D251
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_9399882309d61be8\iexplore.exe --a---- 625664 bytes [15:59 13/06/2008] [15:59 13/06/2008] 07ED775D6DB4BFA96D7CFB09EB228418
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_93e5397d099d5578\iexplore.exe --a---- 625664 bytes [18:06 13/08/2008] [18:06 13/08/2008] 157F8DE991396C536820D7FA5C8DCF7D
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_93bffb8909b85d46\iexplore.exe --a---- 633632 bytes [15:26 03/12/2008] [03:50 02/10/2008] 19403B64906C9EAC627E3C10847B0FDA
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_93b22abf09c32d32\iexplore.exe --a---- 634024 bytes [16:13 28/01/2009] [04:42 16/10/2008] D762642A109433EEDCD332B0A9511137
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_9433f69622e637cb\iexplore.exe --a---- 625664 bytes [01:00 10/04/2008] [01:00 10/04/2008] 182CAF7403705ACCB51211A761080B8F
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_946606f022c143e1\iexplore.exe --a---- 625664 bytes [15:59 13/06/2008] [15:59 13/06/2008] 9F1427F203CA078005C9943800929640
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_943fc8b222dd3258\iexplore.exe --a---- 625664 bytes [18:06 13/08/2008] [18:06 13/08/2008] 4DBD95312B1C96C5285D38F1D748CD4D
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_946a09fe22bda664\iexplore.exe --a---- 633632 bytes [15:26 03/12/2008] [03:32 02/10/2008] 6655B851D9EEF7C83395EE52D551B448
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_945f3a1222c5c255\iexplore.exe --a---- 634024 bytes [16:13 28/01/2009] [04:27 16/10/2008] 4CBA2F58668F2D5F3259CBE73E227F25
C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_95d545df06bcb3fa\iexplore.exe --a---- 625664 bytes [02:47 21/01/2008] [02:47 21/01/2008] 5B92133D3E7FB2644677686305E29E81

Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 123904 bytes [02:49 21/01/2008] [02:49 21/01/2008] 117EA87DF785CA1B9D821F6F213DCE07
C:\Windows\SysWOW64\wininit.exe --a---- 96768 bytes [02:47 21/01/2008] [02:47 21/01/2008] 6556BA79565EF94FE72A12396E589A22
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe --a---- 123904 bytes [02:49 21/01/2008] [02:49 21/01/2008] 117EA87DF785CA1B9D821F6F213DCE07
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe --a---- 96768 bytes [02:47 21/01/2008] [02:47 21/01/2008] 101BA3EA053480BB5D957EF37C06B5ED

-= EOF =-

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:47 PM

Posted 10 September 2010 - 03:55 AM

Hi,

Booting into the Windows WinRE Environment using Windows Vista disk

Please insert your Windows installation media into your CD-Rom/DVD drive and reboot your computer. During the reboot and at boot up you should see Press Any key to Boot from CD/DVD.... If you see that please press any key to continue and continue and follow the next set of instructions on "Using the Vista CD Disk to Access the Vista WinRE Environment". If not, please follow the next set of instructions on "How to Configure the System to Boot from CD/DVD" and then follow the steps to "Using the Vista CD Disk to Access the Vista WinRE Environment ".

How to Configure the system to boot from CD/DVD

Some machines will automatically attempt boot from the CD if a CD is inserted, if that is the case, please skip the instructions below...
  • Please reboot your machine or turn it on (Without the CD)
  • As soon as the BIOS is loaded begin tapping tapping the F2 or F12 or perhaps F9, F10 or F11 (try all of them if unsure, starting with F2)
  • Different Machines have different keys.
  • This will bring up the configuration options, please use your arrow keys to go to the Boot Tab.
  • In the Boot tab, there should be instructions on your right-hand side on how to move your CD/DVD as the top or First Priority
  • After you have moved CD/DVD at the top/first priority, please make sure you SAVE AND EXIT <- Important
  • It will now exit with Configuration settings saved.
Using the Vista CD Disk to Access the Vista WinRE Environment
  • Insert the Windows Vista disk in your computer.
  • Restart your computer so you are booting off of the CD.
  • During the reboot and boot up you will get a message saying: "Press any key to boot from CD", press Enter on your keyboard.
  • Select your language options, Time and Keyboard and press Next
  • At the next prompt press
  • Select your Operating System (Windows Vista; the main one) from the list, and then press Next
  • Now press the Command Prompt option.
  • Enter the following code line by line one at a time and pressing enter on your keyboard on each line.
  • Wait for each command to be completed before continuing with the next one.
    CODE
    copy "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "C:\iexplore.bad"
    copy "C:\Windows\SysWOW64\wininit.exe" C:\wininit.bad"
    copy "C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_95d545df06bcb3fa\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    copy "C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe" "C:\Windows\SysWOW64\wininit.exe"
  • type Exit to leave the recvory prompt
  • Press the Restart button and remove your Windows Vista disk from the DVD drive. Windows should now begin to load.

Once the pc has rebooted, please let me know if you still get redirected.

regards mytrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 evilguy

evilguy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 16 September 2010 - 02:32 AM

After doing the above step, i tried google search from ie. I don't face any redirect problem again. Firefox browser is not redirect since I updated the latest version that day. Does this mean the system is now already clean?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users