Unwanted browser redirects


  • This topic is locked
21 replies to this topic

#1 Disko

Posted 21 August 2010 - 03:46 PM

Hello Bleeping Computer-ers,

Recently Google Chrome began redirecting links and typed websites to ad websites (videocop, other search engines, something suspicious called stopzilla).
I have done everything I can to get rid of it. I have scanned with Malwarebytes, SuperAntiSpyware, AVG and Avast! in safe mode to no avail. What should I do?

Here are my computer specifications:

Windows Vista Home Premium
Manufacturer: Velocity Micro
Model: 64-bit custom PC
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Memory: 4.00 GB
System Type: 64-bit Operating system


Here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:38 PM, on 8/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNDA3100\jswtrayutil.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files (x86)\Semagic\link.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9920 bytes


Malwarebytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4456

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

8/21/2010 9:03:17 AM
mbam-log-2010-08-21 (09-03-17).txt

Scan type: Full scan (C:\|I:\|)
Objects scanned: 368101
Time elapsed: 1 hour(s), 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Super Anti Spyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/21/2010 at 09:30 AM

Application Version : 4.41.1000

Core Rules Database Version : 5388
Trace Rules Database Version: 3200

Scan type : Quick Scan
Total Scan Time : 00:19:26

Memory items scanned : 284
Memory threats detected : 0
Registry items scanned : 2415
Registry threats detected : 0
File items scanned : 16802
File threats detected : 31

Adware.Tracking Cookie
C:\Users\annar\AppData\Roaming\Microsoft\Windows\Cookies\annar@content.yieldmanager[1].txt
.doubleclick.net [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.enhance.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.enhance.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
statse.webtrendslive.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stopzilla.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stopzilla.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stopzilla.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.stopzilla.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
clicks.besthotsearch.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertise.com [ C:\Users\annar\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

I don't know how to copypasta the avast! log but here is what it found which was deleted:

C:\Users\annar\AppData\Local\Temp\plugtmp-8\plugin-snooparound.pdf

AVG

"C:\Windows\System32\LogFiles\WMI\RtBackup\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SYSTEM.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SYSTEM.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SYSTEM";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SOFTWARE.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SOFTWARE.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SOFTWARE";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SECURITY.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SECURITY.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SECURITY";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SAM.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SAM.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\RegBack\SYSTEM";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\RegBack\SOFTWARE";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\RegBack\SECURITY";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\RegBack\SAM";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\RegBack\DEFAULT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\RegBack\COMPONENTS";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\DEFAULT.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\DEFAULT.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\DEFAULT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\COMPONENTS.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\COMPONENTS.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\COMPONENTS";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\catroot2\edb.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Public\Documents\My Videos\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Public\Documents\My Pictures\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Public\Documents\My Music\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Templates\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Start Menu\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\SendTo\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Recent\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\PrintHood\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\NetHood\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\My Documents\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Local Settings\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Documents\My Videos\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Documents\My Pictures\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Documents\My Music\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Cookies\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Application Data\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\AppData\Local\Temporary Internet Files\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\AppData\Local\History\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\AppData\Local\Application Data\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default User\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\Templates\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\PrintHood\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\ntuser.dat.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\ntuser.dat.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\ntuser.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\NetHood\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\Documents\My Videos\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\Documents\My Pictures\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\Documents\My Music\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\AppData\Local\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\annar\AppData\Local\History\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\System Volume Information\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Templates\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Start Menu\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Favorites\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Documents\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Desktop\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\avg9\Log\dac9f66d-428c-4f9f-8478-e0495bb0c639";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\avg9\Log\79b83540-09a0-49c3-9290-054bf43b8f47";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Application Data\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Boot\BCD.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Boot\BCD";"Locked file. Not tested.";"Locked file. Not tested."


What do I do to get rid of this annoying malware? Thank you so much in advance, please let me know if you need more information.

Here is the DDS scan report:



DDS (Ver_10-03-17.01) - NTFSX64
Run by annar at 13:49:02.77 on Sat 08/21/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2204 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\annar\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files (x86)\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files (x86)\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files (x86)\winamp toolbar\winamptb.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EA Core] "c:\program files (x86)\electronic arts\eadm\Core.exe" -silent
uRun: [AdobeBridge]
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [jswtrayutil] "c:\program files (x86)\netgear\wnda3100\jswtrayutil.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\users\annar\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Copy to Semagic - c:\program files (x86)\semagic\copy.htm
IE: Download all with Free Download Manager - file://c:\program files (x86)\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Semagic - c:\program files (x86)\semagic\link.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\annar\appdata\roaming\mozilla\firefox\profiles\jm0s4ug9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files (x86)\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\annar\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-21 121936]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-6-4 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-6-4 35536]
R1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-6-4 317520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-21 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-21 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-21 40384]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-8-20 308136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2010-3-30 1823112]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-6-21 3644200]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-21 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-21 40384]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-3-6 37408]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-8-21 136176]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-10-19 89920]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2010-1-4 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-10-6 1038088]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50a64.sys [2009-6-4 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\drivers\PCASp50a64.sys [2009-6-4 41280]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-6-21 18216]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31vx.sys [2008-3-18 524248]
S4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2008-4-29 209424]

=============== Created Last 30 ================

2010-08-21 20:19:28 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-21 14:47:06 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-21 14:47:05 0 ----a-w- c:\windows\syswow64\config.nt
2010-08-21 14:45:50 38848 ----a-w- c:\windows\avastSS.scr
2010-08-21 14:45:49 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-08-21 14:45:38 0 d-----w- c:\programdata\Alwil Software
2010-08-21 14:45:38 0 d-----w- c:\program files\Alwil Software
2010-08-21 14:44:18 0 d-----w- c:\programdata\!SASCORE
2010-08-21 10:13:09 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-08-21 10:13:09 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-08-21 10:13:09 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-21 10:13:09 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-08-21 10:13:09 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-21 10:13:09 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-08-21 10:13:09 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-08-21 10:13:09 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-08-21 10:13:09 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-21 10:13:08 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-08-21 07:07:23 65536 --sha-w- c:\users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TM.blf
2010-08-21 07:07:23 524288 --sha-w- c:\users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TMContainer00000000000000000002.regtrans-ms
2010-08-21 07:07:23 524288 --sha-w- c:\users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TMContainer00000000000000000001.regtrans-ms
2010-08-21 06:24:43 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-21 06:24:06 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-21 06:24:06 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-21 06:23:48 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-21 06:23:35 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-21 06:23:33 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-21 06:22:36 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-21 06:22:24 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-21 06:21:40 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-21 06:21:38 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-21 06:20:51 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-08-21 06:20:50 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-08-21 06:20:50 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-08-21 06:20:50 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-08-21 06:20:50 3603456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-08-21 06:20:50 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-08-21 06:20:49 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-08-21 06:20:49 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-08-21 06:18:50 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-08-21 06:18:48 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-08-21 06:18:27 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-21 06:18:23 343040 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 06:10:44 453456 ----a-w- c:\windows\syswow64\d3dx10_42.dll
2010-08-21 06:10:43 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2010-08-21 05:33:34 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-08-21 05:24:56 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-08-21 05:24:56 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-08-21 05:24:55 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-08-21 05:24:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-21 04:43:17 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-21 04:37:54 0 d-----w- c:\program files (x86)\Panda Security
2010-08-21 04:11:47 65536 --sha-w- c:\users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TM.blf
2010-08-21 04:11:47 524288 --sha-w- c:\users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TMContainer00000000000000000002.regtrans-ms
2010-08-21 04:11:47 524288 --sha-w- c:\users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TMContainer00000000000000000001.regtrans-ms
2010-08-21 03:19:34 218 ----a-w- c:\users\annar\.recently-used.xbel
2010-08-16 04:38:39 0 d-----w- c:\users\annar\appdata\roaming\SUPERAntiSpyware.com
2010-08-16 04:38:39 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-16 04:34:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-10 18:38:42 12 ---h--w- C:\reachd.cz
2010-08-10 18:30:33 0 d-----w- c:\programdata\Dragon's Eye Productions
2010-08-10 18:30:33 0 d-----w- c:\program files (x86)\Furcadia
2010-08-05 00:46:03 0 d-----w- c:\programdata\CanonBJ
2010-08-04 15:40:48 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2010-07-29 00:16:10 0 d-----w- c:\users\annar\appdata\roaming\HpUpdate
2010-07-28 23:50:19 0 d-----w- c:\program files (x86)\HP
2010-07-28 23:46:36 0 d-----w- c:\programdata\HP

==================== Find3M ====================

2010-08-21 05:50:16 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-08-21 05:41:22 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-06-03 16:28:40 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-03 16:28:40 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-06-03 16:28:40 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-06-03 16:28:40 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-31 23:47:39 99384 ----a-w- c:\users\annar\appdata\roaming\inst.exe
2010-05-31 23:47:39 82816 ----a-w- c:\users\annar\appdata\roaming\pcouffin.sys
2010-05-31 23:41:44 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-31 23:41:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-31 23:41:40 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2009-11-17 11:19:17 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:50:43.37 ===============

EDIT: Posts merged ~BP

Edited by Budapest, 21 August 2010 - 04:52 PM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:26 AM

Posted 27 August 2010 - 08:09 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Disko

Disko
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:26 PM

Posted 27 August 2010 - 10:04 PM

I am here! Yay!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:26 AM

Posted 28 August 2010 - 05:30 AM

Please run this check for a rootkit

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#5 Disko

Disko
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:26 PM

Posted 28 August 2010 - 10:43 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: NVIDIA
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: NVIDIA
System Product Name: MCP73
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 156):
0x02252000 \SystemRoot\system32\ntoskrnl.exe
0x0220C000 \SystemRoot\system32\hal.dll
0x0060E000 \SystemRoot\system32\kdcom.dll
0x00618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00653000 \SystemRoot\system32\PSHED.dll
0x00667000 \SystemRoot\system32\CLFS.SYS
0x006C4000 \SystemRoot\system32\CI.dll
0x00803000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EB000 \SystemRoot\system32\drivers\acpi.sys
0x00941000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094A000 \SystemRoot\system32\drivers\msisadrv.sys
0x00954000 \SystemRoot\system32\drivers\pci.sys
0x00984000 \SystemRoot\System32\drivers\partmgr.sys
0x00999000 \SystemRoot\system32\drivers\volmgr.sys
0x00776000 \SystemRoot\System32\drivers\volmgrx.sys
0x009AD000 \SystemRoot\system32\drivers\pciide.sys
0x009B4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C4000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D7000 \SystemRoot\system32\drivers\nvraid.sys
0x00A02000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A2E000 \SystemRoot\system32\drivers\atapi.sys
0x00A36000 \SystemRoot\system32\drivers\ataport.SYS
0x00A5A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00AA1000 \SystemRoot\system32\drivers\fileinfo.sys
0x00AB5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0E000 \SystemRoot\system32\drivers\ndis.sys
0x00B3C000 \SystemRoot\system32\drivers\msrpc.sys
0x00B8C000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E02000 \SystemRoot\System32\drivers\tcpip.sys
0x00F78000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01008000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01188000 \SystemRoot\system32\drivers\wd.sys
0x01190000 \SystemRoot\system32\drivers\volsnap.sys
0x011D4000 \SystemRoot\System32\Drivers\spldr.sys
0x011DC000 \SystemRoot\System32\Drivers\mup.sys
0x00FA4000 \SystemRoot\System32\drivers\ecache.sys
0x00FD0000 \SystemRoot\system32\drivers\disk.sys
0x011EE000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DD1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00DDE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00DE7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x00C00000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x00BE5000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02446000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02457000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02544000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02556000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02601000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x02F7A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03002000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x030E5000 \SystemRoot\System32\drivers\watchdog.sys
0x030F5000 \SystemRoot\system32\DRIVERS\yk60x64.sys
0x0313C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03158000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03161000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x03164000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03176000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0317E000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0x03180000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02F7C000 \SystemRoot\system32\DRIVERS\storport.sys
0x031B9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x031C6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x031E9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02566000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FD9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02597000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x025B5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x031F5000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x02FE9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x025CD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x025DB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03000000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03200000 \SystemRoot\system32\DRIVERS\ks.sys
0x03234000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0323F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0324F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03297000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x032A2000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x032AA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x032B5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03806000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x039A7000 \SystemRoot\system32\drivers\portcls.sys
0x032C9000 \SystemRoot\system32\drivers\drmk.sys
0x039E2000 \SystemRoot\system32\drivers\ksthunk.sys
0x039E8000 \SystemRoot\system32\drivers\nvhda64v.sys
0x032EC000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x039F5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03319000 \SystemRoot\System32\Drivers\Null.SYS
0x03338000 \SystemRoot\System32\drivers\vga.sys
0x03346000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0336B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03374000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0337D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03388000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03399000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x033A2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x033BF000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03A06000 \SystemRoot\System32\Drivers\avgtdia.sys
0x03A57000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03A9B000 \SystemRoot\system32\DRIVERS\smb.sys
0x03AB6000 \SystemRoot\system32\drivers\afd.sys
0x03B21000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03B2B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B49000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B75000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B90000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03B9A000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03BA4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03BC0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03C07000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03C54000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03C5D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03C69000 \SystemRoot\System32\Drivers\dfsc.sys
0x03C86000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03C8E000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03CD5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x03CED000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03D10000 \SystemRoot\System32\Drivers\fastfat.SYS
0x03D45000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03D53000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x03D5F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x03D67000 \SystemRoot\System32\drivers\Dxapi.sys
0x03D73000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x00890000 \SystemRoot\System32\ATMFD.DLL
0x03D86000 \SystemRoot\system32\drivers\luafv.sys
0x03DA8000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x03DC2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x07C01000 \SystemRoot\system32\drivers\spsys.sys
0x07C9B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x07CAF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x07CE3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x07CEE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07D06000 \SystemRoot\system32\drivers\HTTP.sys
0x07DA9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07DD2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03DCB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03BC2000 \SystemRoot\system32\drivers\mrxdav.sys


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:26 AM

Posted 28 August 2010 - 04:45 PM

That is not the whole log. Can you check it and either post the rest or rerun the MBRCheck program?
m0le is a proud member of UNITE

#7 Disko

Disko
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:26 PM

Posted 28 August 2010 - 06:28 PM

Terribly sorry, here you are.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: NVIDIA
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: NVIDIA
System Product Name: MCP73
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 156):
0x02252000 \SystemRoot\system32\ntoskrnl.exe
0x0220C000 \SystemRoot\system32\hal.dll
0x0060E000 \SystemRoot\system32\kdcom.dll
0x00618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00653000 \SystemRoot\system32\PSHED.dll
0x00667000 \SystemRoot\system32\CLFS.SYS
0x006C4000 \SystemRoot\system32\CI.dll
0x00803000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008EB000 \SystemRoot\system32\drivers\acpi.sys
0x00941000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094A000 \SystemRoot\system32\drivers\msisadrv.sys
0x00954000 \SystemRoot\system32\drivers\pci.sys
0x00984000 \SystemRoot\System32\drivers\partmgr.sys
0x00999000 \SystemRoot\system32\drivers\volmgr.sys
0x00776000 \SystemRoot\System32\drivers\volmgrx.sys
0x009AD000 \SystemRoot\system32\drivers\pciide.sys
0x009B4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C4000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D7000 \SystemRoot\system32\drivers\nvraid.sys
0x00A02000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A2E000 \SystemRoot\system32\drivers\atapi.sys
0x00A36000 \SystemRoot\system32\drivers\ataport.SYS
0x00A5A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00AA1000 \SystemRoot\system32\drivers\fileinfo.sys
0x00AB5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0E000 \SystemRoot\system32\drivers\ndis.sys
0x00B3C000 \SystemRoot\system32\drivers\msrpc.sys
0x00B8C000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E02000 \SystemRoot\System32\drivers\tcpip.sys
0x00F78000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01008000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01188000 \SystemRoot\system32\drivers\wd.sys
0x01190000 \SystemRoot\system32\drivers\volsnap.sys
0x011D4000 \SystemRoot\System32\Drivers\spldr.sys
0x011DC000 \SystemRoot\System32\Drivers\mup.sys
0x00FA4000 \SystemRoot\System32\drivers\ecache.sys
0x00FD0000 \SystemRoot\system32\drivers\disk.sys
0x011EE000 \SystemRoot\system32\drivers\crcdisk.sys
0x00DD1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00DDE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00DE7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x00C00000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x00BE5000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02446000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02457000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02544000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02556000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02601000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x02F7A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03002000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x030E5000 \SystemRoot\System32\drivers\watchdog.sys
0x030F5000 \SystemRoot\system32\DRIVERS\yk60x64.sys
0x0313C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03158000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03161000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x03164000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03176000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0317E000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0x03180000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02F7C000 \SystemRoot\system32\DRIVERS\storport.sys
0x031B9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x031C6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x031E9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02566000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FD9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02597000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x025B5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x031F5000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x02FE9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x025CD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x025DB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03000000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03200000 \SystemRoot\system32\DRIVERS\ks.sys
0x03234000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0323F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0324F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03297000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x032A2000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x032AA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x032B5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03806000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x039A7000 \SystemRoot\system32\drivers\portcls.sys
0x032C9000 \SystemRoot\system32\drivers\drmk.sys
0x039E2000 \SystemRoot\system32\drivers\ksthunk.sys
0x039E8000 \SystemRoot\system32\drivers\nvhda64v.sys
0x032EC000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x039F5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03319000 \SystemRoot\System32\Drivers\Null.SYS
0x03338000 \SystemRoot\System32\drivers\vga.sys
0x03346000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0336B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03374000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0337D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03388000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03399000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x033A2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x033BF000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03A06000 \SystemRoot\System32\Drivers\avgtdia.sys
0x03A57000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03A9B000 \SystemRoot\system32\DRIVERS\smb.sys
0x03AB6000 \SystemRoot\system32\drivers\afd.sys
0x03B21000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03B2B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B49000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B75000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B90000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03B9A000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03BA4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03BC0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03C07000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03C54000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03C5D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03C69000 \SystemRoot\System32\Drivers\dfsc.sys
0x03C86000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03C8E000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03CD5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x03CED000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03D10000 \SystemRoot\System32\Drivers\fastfat.SYS
0x03D45000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03D53000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x03D5F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x03D67000 \SystemRoot\System32\drivers\Dxapi.sys
0x03D73000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x00890000 \SystemRoot\System32\ATMFD.DLL
0x03D86000 \SystemRoot\system32\drivers\luafv.sys
0x03DA8000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x03DC2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x07C01000 \SystemRoot\system32\drivers\spsys.sys
0x07C9B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x07CAF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x07CE3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x07CEE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07D06000 \SystemRoot\system32\drivers\HTTP.sys
0x07DA9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07DD2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03DCB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03BC2000 \SystemRoot\system32\drivers\mrxdav.sys
0x033CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08802000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0884B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0886A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0889C000 \SystemRoot\System32\DRIVERS\srv.sys
0x08931000 \SystemRoot\System32\Drivers\adfs.SYS
0x08949000 \SystemRoot\system32\drivers\peauth.sys
0x07DF0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03DE5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x007DC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x03BE9000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x03B58000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x03322000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x77CB0000 \Windows\System32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
524 csrss.exe
576 C:\Windows\System32\wininit.exe
596 csrss.exe
604 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
612 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
680 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
712 C:\Windows\System32\winlogon.exe
992 C:\Windows\System32\services.exe
1004 C:\Windows\System32\lsass.exe
1020 C:\Windows\System32\lsm.exe
600 C:\Windows\System32\svchost.exe
468 C:\Windows\System32\nvvsvc.exe
464 C:\Windows\System32\svchost.exe
1104 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1240 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\audiodg.exe
1444 C:\Windows\System32\SLsvc.exe
1484 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\rundll32.exe
1640 C:\Windows\System32\wisptis.exe
1648 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1716 C:\Windows\System32\svchost.exe
2000 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
2092 C:\Windows\System32\dwm.exe
2116 C:\Windows\System32\wisptis.exe
2124 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2204 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
2436 C:\Windows\System32\spoolsv.exe
2460 C:\Windows\System32\taskeng.exe
2492 C:\Windows\System32\svchost.exe
2564 C:\Windows\System32\taskeng.exe
2804 C:\Windows\explorer.exe
3040 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2356 C:\Windows\System32\rundll32.exe
2336 C:\Program Files\Microsoft Security Essentials\msseces.exe
2736 C:\Program Files\Windows Sidebar\sidebar.exe
2856 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2560 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
1308 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1432 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3112 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
3160 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
3176 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
3376 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
3504 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
3704 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
3756 C:\Windows\System32\svchost.exe
3788 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
4088 C:\Windows\System32\svchost.exe
3304 C:\Windows\System32\Pen_Tablet.exe
1236 C:\Windows\System32\svchost.exe
3592 C:\Windows\System32\SearchIndexer.exe
3680 WUDFHost.exe
3888 C:\Windows\System32\WTablet\Pen_TabletUser.exe
3960 C:\Windows\System32\Pen_Tablet.exe
4284 C:\Program Files\Windows Media Player\wmpnscfg.exe
4384 C:\Program Files\Windows Media Player\wmpnetwk.exe
4456 C:\Windows\System32\svchost.exe
5092 C:\Program Files (x86)\Pidgin\pidgin.exe
2152 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
4404 C:\Windows\System32\mobsync.exe
4704 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1008 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1932 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2904 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2636 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
5268 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
5168 C:\Users\annar\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

#8 m0le



  • Malware Response Team

Posted 28 August 2010 - 06:33 PM

Nothing there, so please run OTL and let's take a better look.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#9 Disko

  • Topic Starter

  • Members

Posted 29 August 2010 - 12:46 AM

OTL logfile created on: 8/29/2010 12:39:56 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\annar\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 286.63 Gb Free Space | 61.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.90 Gb Total Space | 1.87 Gb Free Space | 98.16% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNAR-PC
Current User Name: annar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\annar\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\annar\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (WNDA3100) -- C:\Windows\SysNative\DRIVERS\WNDA31vx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (AMD Technologies Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (WacomVKHid) -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys (Wacom Technology)
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 05:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/08/21 01:31:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/21 00:02:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/21 00:02:56 | 000,000,000 | ---D | M]

[2009/06/04 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Mozilla\Extensions
[2009/06/04 23:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\annar\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/16 11:20:32 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions
[2010/05/27 15:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(90)
[2010/04/16 03:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/05/27 15:21:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(91)
[2009/10/02 20:27:15 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions\personas@christopher(27).beard
[2009/10/06 19:18:28 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions\personas@christopher.beard
[2010/01/13 22:47:34 | 000,001,201 | ---- | M] () -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\searchplugins\winamp-search.xml
[2010/08/20 20:38:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/14 23:49:27 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/16 21:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/06/03 19:57:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/06/03 11:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/02 12:41:26 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/02 12:41:26 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 16:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\libdivx.dll
[2010/06/03 11:28:41 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/05/12 13:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 17:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/04/02 12:41:29 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2008/10/14 23:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/04/05 18:16:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/04/05 18:16:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/04/05 18:16:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/04/05 18:16:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/04/05 18:16:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/04/05 18:16:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/04/05 18:16:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/12/21 00:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2009/05/01 16:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\ssldivx.dll
[2009/06/26 00:12:32 | 000,001,489 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml

O1 HOSTS File: ([2009/10/06 21:49:02 | 000,000,793 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\NETGEAR\WNDA3100\jswtrayutil.exe File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\annar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm ()
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Semagic - C:\Program Files (x86)\Semagic\link.htm ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Semagic - C:\Program Files (x86)\Semagic\link.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\annar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\annar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cb049fd0-37cb-11de-9e3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cb049fd0-37cb-11de-9e3e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{cb049fd0-37cb-11de-9e3e-806e6f6e6963}\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{d1a2cdaf-5231-11de-983a-00e06103ce1d}\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{d1a2ce6f-5231-11de-983a-00e06103ce1d}\Shell\AutoRun\command - "" = K:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/27 11:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/08/27 11:20:29 | 000,000,000 | ---D | C] -- C:\Users\annar\AppData\Roaming\Yahoo!
[2010/08/27 11:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/08/27 11:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/08/24 10:26:11 | 000,000,000 | ---D | C] -- C:\WTablet
[2010/08/22 18:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/08/22 18:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/22 18:18:06 | 007,537,912 | ---- | C] (Microsoft Corporation) -- C:\Users\annar\Contacts\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe
[2010/08/22 18:09:59 | 001,198,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\annar\Contacts\Desktop\TDSSKiller.exe
[2010/08/22 18:05:36 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/22 05:00:30 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/08/21 23:47:45 | 000,000,000 | ---D | C] -- C:\Users\annar\AppData\Local\Dragon's Eye Productions
[2010/08/21 15:51:54 | 000,000,000 | ---D | C] -- C:\Users\annar\Contacts\Desktop\gmer
[2010/08/21 15:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/21 09:47:14 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/08/21 09:47:13 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/08/21 09:47:11 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/08/21 09:47:09 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/08/21 09:47:06 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/08/21 09:45:50 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/21 09:45:49 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/08/21 09:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/21 09:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/21 09:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/08/21 09:40:24 | 009,242,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\annar\Contacts\Desktop\SUPERAntiSpyware.exe
[2010/08/21 09:39:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\annar\Contacts\Desktop\mbam-setup-1.46.exe
[2010/08/21 05:13:09 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/08/21 05:13:09 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/08/21 05:13:09 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/08/21 05:13:09 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/08/21 05:13:09 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/08/21 05:13:09 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/08/21 05:13:09 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/08/21 05:13:08 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/08/21 01:23:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/21 01:23:33 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/21 01:22:36 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/21 01:22:24 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/21 01:20:50 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/08/21 01:20:50 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/08/21 01:20:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/21 01:20:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/08/21 01:18:51 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/08/21 01:18:50 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010/08/21 01:18:49 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/08/21 01:18:49 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/21 01:10:44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/08/21 01:10:43 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/08/21 00:33:34 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/08/21 00:24:56 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/08/21 00:24:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/08/21 00:24:55 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/08/21 00:24:55 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/08/20 23:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010/08/16 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\annar\AppData\Roaming\Opera
[2010/08/16 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\annar\AppData\Local\Opera
[2010/08/16 17:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010/08/15 23:38:39 | 000,000,000 | ---D | C] -- C:\Users\annar\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/15 23:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/15 23:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/10 13:30:33 | 000,000,000 | ---D | C] -- C:\Users\annar\Documents\Furcadia
[2010/08/10 13:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Furcadia
[2010/08/10 13:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Dragon's Eye Productions
[2010/08/04 19:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonBJ
[2010/08/04 10:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/08/03 15:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/05/31 18:40:44 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\annar\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/29 00:39:59 | 002,359,296 | -HS- | M] () -- C:\Users\annar\ntuser.dat
[2010/08/29 00:28:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/29 00:28:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 23:52:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 09:41:34 | 064,032,736 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/08/28 07:52:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/27 11:20:22 | 000,000,852 | ---- | M] () -- C:\Users\annar\Contacts\Desktop\CCleaner.lnk
[2010/08/27 10:35:04 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/27 10:35:04 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/27 10:35:04 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/27 10:28:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/27 10:27:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/27 10:27:46 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 10:27:12 | 000,524,288 | -HS- | M] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 10:27:12 | 000,065,536 | -HS- | M] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TM.blf
[2010/08/27 10:26:52 | 006,291,456 | -H-- | M] () -- C:\Users\annar\AppData\Local\IconCache.db
[2010/08/26 12:29:17 | 000,017,682 | ---- | M] () -- C:\Users\annar\Documents\annamcdonaldresume2.rtf
[2010/08/24 18:10:11 | 001,809,592 | ---- | M] () -- C:\Users\annar\Documents\DAOcomic001a.jpg
[2010/08/24 10:26:29 | 003,264,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/22 22:35:28 | 000,111,768 | ---- | M] () -- C:\Users\annar\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/22 18:18:31 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/22 18:18:14 | 007,537,912 | ---- | M] (Microsoft Corporation) -- C:\Users\annar\Contacts\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe
[2010/08/22 16:33:35 | 000,000,655 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/08/22 10:00:25 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/08/22 09:57:38 | 000,000,104 | ---- | M] () -- C:\Users\annar\Documents\Default Programs.lnk
[2010/08/21 23:48:55 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Furcadia Pounce.lnk
[2010/08/21 23:48:55 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Furcadia.lnk
[2010/08/21 15:42:53 | 000,002,565 | ---- | M] () -- C:\Users\annar\Contacts\Desktop\HiJackThis.lnk
[2010/08/21 10:33:25 | 000,000,732 | ---- | M] () -- C:\Users\annar\AppData\Local\d3d9caps64.dat
[2010/08/21 09:48:19 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/08/21 09:48:19 | 000,002,009 | ---- | M] () -- C:\Users\annar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/21 09:47:15 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/21 09:47:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/21 09:44:18 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/21 09:41:52 | 054,835,272 | ---- | M] () -- C:\Users\annar\Contacts\Desktop\setup_av_free.exe
[2010/08/21 09:40:24 | 009,242,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\annar\Contacts\Desktop\SUPERAntiSpyware.exe
[2010/08/21 09:40:01 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\annar\Contacts\Desktop\mbam-setup-1.46.exe
[2010/08/21 05:07:40 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/08/21 01:29:59 | 000,524,288 | -HS- | M] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TMContainer00000000000000000002.regtrans-ms
[2010/08/21 00:50:16 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/08/21 00:50:13 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/08/21 00:41:22 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/08/21 00:16:19 | 000,000,680 | ---- | M] () -- C:\Users\annar\AppData\Local\d3d9caps.dat
[2010/08/21 00:04:46 | 002,359,296 | -HS- | M] () -- C:\Users\annar\ntuser.dat_previous
[2010/08/21 00:04:42 | 000,524,288 | -HS- | M] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TMContainer00000000000000000002.regtrans-ms
[2010/08/21 00:04:42 | 000,524,288 | -HS- | M] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TMContainer00000000000000000001.regtrans-ms
[2010/08/21 00:04:42 | 000,065,536 | -HS- | M] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TM.blf
[2010/08/20 22:56:35 | 000,524,288 | -HS- | M] () -- C:\Users\annar\ntuser.dat{749c6195-69f7-11df-8b1e-dd15f5015fec}.TMContainer00000000000000000001.regtrans-ms
[2010/08/20 22:56:35 | 000,065,536 | -HS- | M] () -- C:\Users\annar\ntuser.dat{749c6195-69f7-11df-8b1e-dd15f5015fec}.TM.blf
[2010/08/20 22:19:34 | 000,000,218 | ---- | M] () -- C:\Users\annar\.recently-used.xbel
[2010/08/20 20:30:47 | 000,986,688 | ---- | M] () -- C:\Users\annar\Documents\telandri.psd
[2010/08/20 20:27:19 | 000,101,840 | ---- | M] () -- C:\Users\annar\Documents\telandrilinesweb.jpg
[2010/08/20 20:25:43 | 001,126,400 | ---- | M] () -- C:\Users\annar\Documents\telandri.sai
[2010/08/18 16:03:26 | 000,014,243 | ---- | M] () -- C:\Users\annar\Documents\Untitled 1.odt
[2010/08/18 15:26:28 | 000,087,790 | ---- | M] () -- C:\Users\annar\Documents\wtfshorts.jpg
[2010/08/16 11:15:13 | 000,044,032 | ---- | M] () -- C:\Users\annar\Contacts\Desktop\KERI martin[1].doc
[2010/08/16 09:49:10 | 001,198,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\annar\Contacts\Desktop\TDSSKiller.exe
[2010/08/15 17:56:24 | 000,601,559 | ---- | M] () -- C:\Users\annar\Contacts\Desktop\load_easternkingdoms2.jpg
[2010/08/12 16:36:02 | 000,016,468 | ---- | M] () -- C:\Users\annar\Documents\coverletter.odt
[2010/08/10 13:38:42 | 000,000,012 | -H-- | M] () -- C:\reachd.cz
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/27 11:20:22 | 000,000,852 | ---- | C] () -- C:\Users\annar\Contacts\Desktop\CCleaner.lnk
[2010/08/24 18:10:01 | 001,809,592 | ---- | C] () -- C:\Users\annar\Documents\DAOcomic001a.jpg
[2010/08/22 18:18:31 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/22 10:00:25 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/08/22 09:57:38 | 000,000,104 | ---- | C] () -- C:\Users\annar\Documents\Default Programs.lnk
[2010/08/22 07:55:15 | 000,000,655 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/08/21 23:48:55 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Furcadia Pounce.lnk
[2010/08/21 23:48:55 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Furcadia.lnk
[2010/08/21 15:41:56 | 000,002,565 | ---- | C] () -- C:\Users\annar\Contacts\Desktop\HiJackThis.lnk
[2010/08/21 14:26:51 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/21 09:48:19 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/08/21 09:48:19 | 000,002,009 | ---- | C] () -- C:\Users\annar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/21 09:47:30 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/21 09:47:28 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/21 09:47:15 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/21 09:47:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/08/21 09:46:09 | 000,553,448 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI0809.txt
[2010/08/21 09:45:57 | 000,024,344 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI0809.txt
[2010/08/21 09:44:18 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/21 09:41:51 | 054,835,272 | ---- | C] () -- C:\Users\annar\Contacts\Desktop\setup_av_free.exe
[2010/08/21 02:07:23 | 000,524,288 | -HS- | C] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TMContainer00000000000000000002.regtrans-ms
[2010/08/21 02:07:23 | 000,524,288 | -HS- | C] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TMContainer00000000000000000001.regtrans-ms
[2010/08/21 02:07:23 | 000,065,536 | -HS- | C] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TM.blf
[2010/08/20 23:11:47 | 000,524,288 | -HS- | C] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TMContainer00000000000000000002.regtrans-ms
[2010/08/20 23:11:47 | 000,524,288 | -HS- | C] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TMContainer00000000000000000001.regtrans-ms
[2010/08/20 23:11:47 | 000,065,536 | -HS- | C] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TM.blf
[2010/08/20 22:19:34 | 000,000,218 | ---- | C] () -- C:\Users\annar\.recently-used.xbel
[2010/08/20 20:27:19 | 000,101,840 | ---- | C] () -- C:\Users\annar\Documents\telandrilinesweb.jpg
[2010/08/20 20:10:04 | 001,126,400 | ---- | C] () -- C:\Users\annar\Documents\telandri.sai
[2010/08/20 19:58:01 | 000,986,688 | ---- | C] () -- C:\Users\annar\Documents\telandri.psd
[2010/08/18 16:03:24 | 000,014,243 | ---- | C] () -- C:\Users\annar\Documents\Untitled 1.odt
[2010/08/18 15:26:28 | 000,087,790 | ---- | C] () -- C:\Users\annar\Documents\wtfshorts.jpg
[2010/08/16 11:15:12 | 000,044,032 | ---- | C] () -- C:\Users\annar\Contacts\Desktop\KERI martin[1].doc
[2010/08/16 01:19:01 | 000,000,732 | ---- | C] () -- C:\Users\annar\AppData\Local\d3d9caps64.dat
[2010/08/15 17:56:24 | 000,601,559 | ---- | C] () -- C:\Users\annar\Contacts\Desktop\load_easternkingdoms2.jpg
[2010/08/12 16:36:01 | 000,016,468 | ---- | C] () -- C:\Users\annar\Documents\coverletter.odt
[2010/08/10 13:38:42 | 000,000,012 | -H-- | C] () -- C:\reachd.cz
[2010/07/28 18:46:42 | 000,004,810 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/23 13:49:30 | 000,417,644 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI4095.txt
[2010/06/23 13:49:29 | 000,011,380 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI4095.txt
[2010/06/03 19:57:37 | 000,400,212 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI3F98.txt
[2010/06/03 19:57:30 | 000,011,194 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI3F98.txt
[2010/05/31 18:42:08 | 000,001,057 | ---- | C] () -- C:\Users\annar\AppData\Roaming\vso_ts_preview.xml
[2010/05/31 18:41:49 | 000,000,033 | ---- | C] () -- C:\Users\annar\AppData\Roaming\pcouffin.log
[2010/05/31 18:40:44 | 000,099,384 | ---- | C] () -- C:\Users\annar\AppData\Roaming\inst.exe
[2010/05/31 18:40:44 | 000,007,859 | ---- | C] () -- C:\Users\annar\AppData\Roaming\pcouffin.cat
[2010/05/31 18:40:44 | 000,001,167 | ---- | C] () -- C:\Users\annar\AppData\Roaming\pcouffin.inf
[2010/05/31 18:36:43 | 002,255,360 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010/05/31 18:36:43 | 000,395,776 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010/05/31 18:36:43 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/05/31 18:36:43 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010/05/24 20:00:55 | 000,428,870 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI34DD.txt
[2010/05/24 20:00:54 | 000,011,462 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI34DD.txt
[2010/04/18 17:33:03 | 000,427,548 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI46E4.txt
[2010/04/18 17:33:01 | 000,012,278 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI46E4.txt
[2010/04/02 19:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/01/12 22:51:23 | 000,428,212 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI6DC8.txt
[2010/01/12 22:51:22 | 000,011,462 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI6DC8.txt
[2010/01/10 15:16:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/09 12:06:37 | 000,028,105 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/11/09 12:06:25 | 000,031,810 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_dotnetfx3install.txt
[2009/11/09 12:06:25 | 000,001,578 | ---- | C] () -- C:\Users\annar\AppData\Local\uxeventlog.txt
[2009/11/09 12:06:25 | 000,000,604 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_dotnetfx3error.txt
[2009/10/24 16:41:16 | 000,000,680 | ---- | C] () -- C:\Users\annar\AppData\Local\d3d9caps.dat
[2009/10/19 14:43:15 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/19 14:42:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/30 18:28:52 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/08/30 18:28:52 | 000,000,088 | RHS- | C] () -- C:\ProgramData\6E73A72696.sys
[2009/08/23 22:03:48 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/07/01 20:55:21 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/06/18 19:12:59 | 000,098,304 | ---- | C] () -- C:\Users\annar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 18:21:16 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/08/29 00:38:10 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\.purple
[2010/01/04 18:00:17 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\CoreFTP
[2009/12/27 13:07:36 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\e frontier
[2009/08/23 22:10:18 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\EPSON
[2010/08/20 20:32:45 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\FileZilla
[2009/11/13 15:28:02 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\FOG Downloader
[2010/08/22 18:18:33 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Free Download Manager
[2010/08/24 18:09:54 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\gtk-2.0
[2010/01/21 14:31:39 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\KompoZer
[2010/04/18 17:52:48 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\OpenOffice.org
[2010/08/16 17:04:44 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Opera
[2009/11/24 13:42:35 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\SYSTEMAX Software Development
[2010/05/24 20:10:49 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\TS3Client
[2010/08/21 00:03:08 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\uTorrent
[2010/05/31 18:47:46 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Vso
[2010/08/27 10:27:03 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\annar\Contacts\Desktop\The.Princess.And.the.Frog.2009.DVDSCR.XviD.AC3-ViSiON.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\annar\Contacts\Desktop\The.Mummy.[1999]DvDrip-aXXo.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\annar\Contacts\Desktop\Family Guy Presents Something Something Something Dark Side [2009] dvd rip nlx.avi:TOC.WMV
< End of report >



OTL Extras logfile created on: 8/29/2010 12:39:56 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\annar\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 286.63 Gb Free Space | 61.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.90 Gb Total Space | 1.87 Gb Free Space | 98.16% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNAR-PC
Current User Name: annar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = AA C3 53 6D F2 54 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6805C689-7579-4009-876D-697E00EBFAC6}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{87F29A3D-A033-4127-86B5-60BAB42B781B}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{F6877012-9CCB-4E90-9078-C053A063C1B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01509D34-7127-4293-8191-491820FE8C01}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0B3A3F4B-EAE8-4B94-8980-CF8B0AB612A4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{0EC59455-38AE-4F9A-B470-9FBAFED514A4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{23C1FBAD-2761-473C-9767-2C5665EF20A2}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{29A3CF4A-3780-4DE8-9C1D-2C01CE620D56}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |
"{3072E8EF-B041-47CB-BFD8-38414FD5A7BC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{321B4474-C50F-4EC8-9B70-DF594D005DEC}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\transformers - war for cybertron\binaries\twfc.exe |
"{32E18A7A-5703-4AEB-829C-48939D706963}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{35C340BA-F718-48D0-8029-47CC905EEB43}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"{3B0A2399-576C-4FEB-83CC-55EAC693C40F}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\transformers - war for cybertron\binaries\twfc.exe |
"{3DE09D5A-2487-4BDF-B673-C1404E9BB227}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{3EC21CF8-CC1A-4C77-B5D8-B4E7C3853DE8}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |
"{406915F8-E47C-47D7-BCCA-72B519A53397}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{477A474E-3D58-4A62-8383-B88A7921DCC6}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"{47E3D20C-D5E3-45C8-8FDE-20728B2965B7}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{51FF742E-E3EE-4525-BCB8-5FC48E01A7C4}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{5DC8A4DB-3539-4E9D-8268-A9EC1A03901A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{690EC122-25EC-49C4-BFCE-BBD2B93D2865}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6F7C94D6-FA19-4BD3-89BE-223AF5846C2D}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{706C54F6-9641-4EF8-99DB-99D78500A95E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7B5159A4-84C1-47FF-A35D-664A8AB5DBA5}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{8C8DBE1F-7CFD-4AAA-8924-26A00D18A232}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{8F1F88B7-F318-4B16-8069-4A414FA1DFE2}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{968D0723-0F7E-4E3D-8CD5-BF9DAED5A94B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{A4AB7F45-5A98-44D9-881E-BEB80D2DD73F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{AF259481-34EC-4732-8AA2-1A21A18AE5DA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{AFDFB6FD-5231-479E-86D5-CDB3866DEECB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{C1E4C5B3-BE1E-4697-AD86-CBC51776DC84}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{C3D00A7F-8A13-470D-B8E9-C5544CD2C857}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{C544A72E-1142-416A-91EE-7F40D700FAC5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D08079AD-AD45-4911-B9FA-B7A655E2AF07}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{D4C108C3-423A-4A1A-AB93-45812C0B5D55}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{DF3F5606-3F7A-4910-B46E-7F4B667EC3D7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{E304CD0A-7604-4E9D-9104-71C6F6A245A8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E7774B77-3701-4131-B68A-FF129EF652B0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{EA42A34B-7529-4998-9799-6AFBBC69D7A9}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{EC045AE0-3087-4F00-BD69-D0E4DFB28914}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FEAED243-DB54-40C0-A5FA-AE11927E572E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{120814E3-C75B-4926-8B73-5EE60AC6E320}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{2CC77034-C583-41EC-9A47-5CC501C2B0D8}C:\users\annar\contacts\desktop\oc11b72rv1.exe" = protocol=6 | dir=in | app=c:\users\annar\contacts\desktop\oc11b72rv1.exe |
"TCP Query User{320E9858-16D5-4A57-8FE2-06624FC4F2A8}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{325DB0F3-366B-4209-9AF6-A43DD99EFA69}C:\program files (x86)\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free download manager\fdm.exe |
"TCP Query User{6089A385-E08F-48E4-A847-CD30E5675AB7}C:\program files (x86)\coreftp\coreftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\coreftp\coreftp.exe |
"TCP Query User{6DC964A8-2195-413D-B203-2996E72D1E0F}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"TCP Query User{9BE8BE89-93C4-49AF-911A-1113A8C0B7B3}C:\program files (x86)\digsby\lib\digsby-app.exe" = protocol=6 | dir=in | app=c:\program files (x86)\digsby\lib\digsby-app.exe |
"TCP Query User{9D5C8F0A-075D-4225-8095-AD0FA010029B}C:\downloads\_extracted\oc11b72rv1.zip.extracted\oc11b72rv1.exe" = protocol=6 | dir=in | app=c:\downloads\_extracted\oc11b72rv1.zip.extracted\oc11b72rv1.exe |
"TCP Query User{9ED43B52-1143-459F-A20B-385CDAB6618E}C:\downloads\software\fogdownloader-rom_2_1_0_1871.exe" = protocol=6 | dir=in | app=c:\downloads\software\fogdownloader-rom_2_1_0_1871.exe |
"TCP Query User{B0E21334-0C0E-4503-8656-1E6684C0076B}C:\program files (x86)\steam\steamapps\evildisk0\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\evildisk0\team fortress 2\hl2.exe |
"TCP Query User{C5CE2751-07FE-4CFB-AF1E-B6AAFE0EFF23}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{D1366524-AB35-4C39-B0BC-73DA40DAF797}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{04050D51-D0E0-4230-9E35-F278D8CCCAE7}C:\users\annar\contacts\desktop\oc11b72rv1.exe" = protocol=17 | dir=in | app=c:\users\annar\contacts\desktop\oc11b72rv1.exe |
"UDP Query User{1C015772-BE71-41DA-835C-1646FC433581}C:\downloads\software\fogdownloader-rom_2_1_0_1871.exe" = protocol=17 | dir=in | app=c:\downloads\software\fogdownloader-rom_2_1_0_1871.exe |
"UDP Query User{279573C7-2619-480C-A4B4-696DBBADF597}C:\program files (x86)\steam\steamapps\evildisk0\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\evildisk0\team fortress 2\hl2.exe |
"UDP Query User{48C0C8A9-972A-43C6-AD2F-933A87DDA6B3}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{79EB8188-3083-4AB3-A401-444AC5721FEA}C:\program files (x86)\digsby\lib\digsby-app.exe" = protocol=17 | dir=in | app=c:\program files (x86)\digsby\lib\digsby-app.exe |
"UDP Query User{7AA7CBB0-2621-4D48-90AE-00716336868C}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{929C9F2D-280F-4DD5-9C69-EC4210DB8834}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"UDP Query User{94812133-2D51-4F17-B05D-CC976E4DE076}C:\downloads\_extracted\oc11b72rv1.zip.extracted\oc11b72rv1.exe" = protocol=17 | dir=in | app=c:\downloads\_extracted\oc11b72rv1.zip.extracted\oc11b72rv1.exe |
"UDP Query User{9B2795B1-E3FC-4E31-8B1F-BEEA80685942}C:\program files (x86)\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free download manager\fdm.exe |
"UDP Query User{B955AF82-24EA-454A-8E6D-4FD51F155B47}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{C6E7F47D-76B6-4B57-8206-C50EA78848DA}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{DF1ED461-9B1B-4336-9281-4CB4BC02D802}C:\program files (x86)\coreftp\coreftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\coreftp\coreftp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision®
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AstrumNival Allods" = Allods Online 1.0.05.41
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Core FTP LE 2.1" = Core FTP LE 2.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.3.1
"Free Download Manager_is1" = Free Download Manager 3.0
"Furcadia" = Furcadia
"Google Chrome" = Google Chrome
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers™ - War for Cybertron™
"InstallShield_{385FFF30-5DB3-4C18-B1F9-D7793D1B9A0B}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
"LastFM_is1" = Last.fm 1.5.4.24567
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MVApplication1" = SureThing CD Labeler 4 SE
"Pen Tablet Driver" = Pen Tablet
"Pidgin" = Pidgin
"PROHYBRIDR" = 2007 Microsoft Office system
"Ragnarok Online" = Ragnarok Online
"Semagic" = Semagic (remove only)
"Steam App 440" = Team Fortress 2
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2010 7:38:37 AM | Computer Name = annar-PC | Source = Perflib | ID = 1005
Description =

Error - 8/21/2010 7:38:37 AM | Computer Name = annar-PC | Source = Perflib | ID = 1018
Description =

Error - 8/21/2010 7:38:37 AM | Computer Name = annar-PC | Source = Perflib | ID = 1008
Description =

Error - 8/21/2010 10:46:52 AM | Computer Name = annar-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 8/21/2010 10:55:44 AM | Computer Name = annar-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/21/2010 10:56:35 AM | Computer Name = annar-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/21/2010 3:29:03 PM | Computer Name = annar-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/22/2010 1:03:24 AM | Computer Name = annar-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 34c Start Time: 01cb4166e2805aa0 Termination Time: 60000

Error - 8/22/2010 6:55:24 AM | Computer Name = annar-PC | Source = Google Update | ID = 20
Description =

Error - 8/22/2010 7:55:25 AM | Computer Name = annar-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 11/8/2009 6:42:52 AM | Computer Name = annar-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 11/9/2009 1:02:24 PM | Computer Name = annar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/11/2009 9:03:41 PM | Computer Name = annar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/12/2009 7:20:41 AM | Computer Name = annar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/17/2009 7:22:25 AM | Computer Name = annar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/23/2009 4:51:31 AM | Computer Name = annar-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:49:42 AM on 11/23/2009 was unexpected.

Error - 11/23/2009 4:52:34 AM | Computer Name = annar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/25/2009 1:31:21 PM | Computer Name = annar-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/1/2009 5:25:28 PM | Computer Name = annar-PC | Source = DCOM | ID = 10010
Description =

Error - 12/4/2009 2:33:57 AM | Computer Name = annar-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 00E06103CE1D has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:26 AM

Posted 29 August 2010 - 05:02 AM

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
m0le is a proud member of UNITE

#11 Disko

Disko
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:26 PM

Posted 29 August 2010 - 09:53 AM

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.11.0 log created on 08292010_095217


#12 m0le


Posted 29 August 2010 - 01:38 PM

Please run OTL (to scan only) and post the new log.

How are the redirects now?

#13 Disko


Posted 29 August 2010 - 03:02 PM

OTL logfile created on: 8/29/2010 2:57:53 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = c:\Users\annar\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 283.17 Gb Free Space | 60.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.90 Gb Total Space | 1.87 Gb Free Space | 98.16% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNAR-PC
Current User Name: annar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - c:\Users\annar\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - c:\Users\annar\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (WNDA3100) -- C:\Windows\SysNative\DRIVERS\WNDA31vx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (AMD Technologies Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (WacomVKHid) -- C:\Windows\SysNative\DRIVERS\WacomVKHid.sys (Wacom Technology)
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/08/21 01:31:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/21 00:02:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/21 00:02:56 | 000,000,000 | ---D | M]

[2009/06/04 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Mozilla\Extensions
[2010/08/16 11:20:32 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions
[2010/05/27 15:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(90)
[2010/04/16 03:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/05/27 15:21:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(91)
[2009/10/02 20:27:15 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions\personas@christopher(27).beard
[2009/10/06 19:18:28 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\extensions\personas@christopher.beard
[2010/01/13 22:47:34 | 000,001,201 | ---- | M] () -- C:\Users\annar\AppData\Roaming\Mozilla\Firefox\Profiles\jm0s4ug9.default\searchplugins\winamp-search.xml
[2010/08/20 20:38:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/14 23:49:27 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/03 11:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/03 11:28:41 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/21 00:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/10/06 21:49:02 | 000,000,793 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\NETGEAR\WNDA3100\jswtrayutil.exe File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\annar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm ()
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Semagic - C:\Program Files (x86)\Semagic\link.htm ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Semagic - C:\Program Files (x86)\Semagic\link.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\annar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\annar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cb049fd0-37cb-11de-9e3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cb049fd0-37cb-11de-9e3e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{cb049fd0-37cb-11de-9e3e-806e6f6e6963}\Shell\dinstall\command - "" = D:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{d1a2cdaf-5231-11de-983a-00e06103ce1d}\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{d1a2ce6f-5231-11de-983a-00e06103ce1d}\Shell\AutoRun\command - "" = K:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/29 09:52:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/27 11:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/08/27 11:20:29 | 000,000,000 | ---D | C] -- C:\Users\annar\AppData\Roaming\Yahoo!
[2010/08/27 11:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/08/27 11:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/08/24 10:26:11 | 000,000,000 | ---D | C] -- C:\WTablet
[2010/08/22 18:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/08/22 18:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/22 18:18:06 | 007,537,912 | ---- | C] (Microsoft Corporation) -- C:\Users\annar\Contacts\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe
[2010/08/22 18:09:59 | 001,198,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\annar\Contacts\Desktop\TDSSKiller.exe
[2010/08/22 18:05:36 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/22 05:00:30 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/08/21 23:47:45 | 000,000,000 | ---D | C] -- C:\Users\annar\AppData\Local\Dragon's Eye Productions
[2010/08/21 15:51:54 | 000,000,000 | ---D | C] -- C:\Users\annar\Contacts\Desktop\gmer
[2010/08/21 15:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/21 09:47:14 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/08/21 09:47:13 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/08/21 09:47:11 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/08/21 09:47:09 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/08/21 09:47:06 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/08/21 09:45:50 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/21 09:45:49 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/08/21 09:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/21 09:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/21 09:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/08/21 09:40:24 | 009,242,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\annar\Contacts\Desktop\SUPERAntiSpyware.exe
[2010/08/21 09:39:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\annar\Contacts\Desktop\mbam-setup-1.46.exe
[2010/08/21 05:13:09 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/08/21 05:13:09 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/08/21 05:13:09 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/08/21 05:13:09 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/08/21 05:13:09 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/08/21 05:13:09 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/08/21 05:13:09 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/08/21 05:13:08 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/08/21 01:23:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/21 01:23:33 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/21 01:22:36 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/21 01:22:24 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/21 01:20:50 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/08/21 01:20:50 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/08/21 01:20:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/21 01:20:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/08/21 01:18:51 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/08/21 01:18:50 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010/08/21 01:18:49 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/08/21 01:18:49 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/21 01:10:44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/08/21 01:10:43 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/08/21 00:33:34 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/08/21 00:24:56 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/08/21 00:24:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/08/21 00:24:55 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/08/21 00:24:55 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/08/20 23:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010/08/16 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\annar\AppData\Roaming\Opera
[2010/08/16 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\annar\AppData\Local\Opera
[2010/08/16 17:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010/08/15 23:38:39 | 000,000,000 | ---D | C] -- C:\Users\annar\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/15 23:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/15 23:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/10 13:30:33 | 000,000,000 | ---D | C] -- C:\Users\annar\Documents\Furcadia
[2010/08/10 13:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Furcadia
[2010/08/10 13:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Dragon's Eye Productions
[2010/08/04 19:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonBJ
[2010/08/04 10:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/08/03 15:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/05/31 18:40:44 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\annar\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/29 14:57:51 | 002,359,296 | -HS- | M] () -- C:\Users\annar\ntuser.dat
[2010/08/29 14:52:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/29 14:28:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/29 14:28:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/29 09:42:00 | 064,052,916 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/08/29 07:52:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/27 11:20:22 | 000,000,852 | ---- | M] () -- C:\Users\annar\Contacts\Desktop\CCleaner.lnk
[2010/08/27 10:35:04 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/27 10:35:04 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/27 10:35:04 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/27 10:28:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/27 10:27:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/27 10:27:46 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 10:27:12 | 000,524,288 | -HS- | M] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 10:27:12 | 000,065,536 | -HS- | M] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TM.blf
[2010/08/27 10:26:52 | 006,291,456 | -H-- | M] () -- C:\Users\annar\AppData\Local\IconCache.db
[2010/08/26 12:29:17 | 000,017,682 | ---- | M] () -- C:\Users\annar\Documents\annamcdonaldresume2.rtf
[2010/08/24 18:10:11 | 001,809,592 | ---- | M] () -- C:\Users\annar\Documents\DAOcomic001a.jpg
[2010/08/24 10:26:29 | 003,264,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/22 22:35:28 | 000,111,768 | ---- | M] () -- C:\Users\annar\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/22 18:18:31 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/22 18:18:14 | 007,537,912 | ---- | M] (Microsoft Corporation) -- C:\Users\annar\Contacts\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe
[2010/08/22 16:33:35 | 000,000,655 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/08/22 10:00:25 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/08/22 09:57:38 | 000,000,104 | ---- | M] () -- C:\Users\annar\Documents\Default Programs.lnk
[2010/08/21 23:48:55 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Furcadia Pounce.lnk
[2010/08/21 23:48:55 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Furcadia.lnk
[2010/08/21 15:42:53 | 000,002,565 | ---- | M] () -- C:\Users\annar\Contacts\Desktop\HiJackThis.lnk
[2010/08/21 10:33:25 | 000,000,732 | ---- | M] () -- C:\Users\annar\AppData\Local\d3d9caps64.dat
[2010/08/21 09:48:19 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/08/21 09:48:19 | 000,002,009 | ---- | M] () -- C:\Users\annar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/21 09:47:15 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/21 09:47:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/21 09:44:18 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/21 09:41:52 | 054,835,272 | ---- | M] () -- C:\Users\annar\Contacts\Desktop\setup_av_free.exe
[2010/08/21 09:40:24 | 009,242,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\annar\Contacts\Desktop\SUPERAntiSpyware.exe
[2010/08/21 09:40:01 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\annar\Contacts\Desktop\mbam-setup-1.46.exe
[2010/08/21 05:07:40 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/08/21 01:29:59 | 000,524,288 | -HS- | M] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TMContainer00000000000000000002.regtrans-ms
[2010/08/21 00:50:16 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/08/21 00:50:13 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/08/21 00:41:22 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/08/21 00:16:19 | 000,000,680 | ---- | M] () -- C:\Users\annar\AppData\Local\d3d9caps.dat
[2010/08/21 00:04:46 | 002,359,296 | -HS- | M] () -- C:\Users\annar\ntuser.dat_previous
[2010/08/21 00:04:42 | 000,524,288 | -HS- | M] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TMContainer00000000000000000002.regtrans-ms
[2010/08/21 00:04:42 | 000,524,288 | -HS- | M] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TMContainer00000000000000000001.regtrans-ms
[2010/08/21 00:04:42 | 000,065,536 | -HS- | M] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TM.blf
[2010/08/20 22:56:35 | 000,524,288 | -HS- | M] () -- C:\Users\annar\ntuser.dat{749c6195-69f7-11df-8b1e-dd15f5015fec}.TMContainer00000000000000000001.regtrans-ms
[2010/08/20 22:56:35 | 000,065,536 | -HS- | M] () -- C:\Users\annar\ntuser.dat{749c6195-69f7-11df-8b1e-dd15f5015fec}.TM.blf
[2010/08/20 22:19:34 | 000,000,218 | ---- | M] () -- C:\Users\annar\.recently-used.xbel
[2010/08/20 20:30:47 | 000,986,688 | ---- | M] () -- C:\Users\annar\Documents\telandri.psd
[2010/08/20 20:27:19 | 000,101,840 | ---- | M] () -- C:\Users\annar\Documents\telandrilinesweb.jpg
[2010/08/20 20:25:43 | 001,126,400 | ---- | M] () -- C:\Users\annar\Documents\telandri.sai
[2010/08/18 16:03:26 | 000,014,243 | ---- | M] () -- C:\Users\annar\Documents\Untitled 1.odt
[2010/08/18 15:26:28 | 000,087,790 | ---- | M] () -- C:\Users\annar\Documents\wtfshorts.jpg
[2010/08/16 11:15:13 | 000,044,032 | ---- | M] () -- C:\Users\annar\Contacts\Desktop\KERI martin[1].doc
[2010/08/16 09:49:10 | 001,198,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\annar\Contacts\Desktop\TDSSKiller.exe
[2010/08/15 17:56:24 | 000,601,559 | ---- | M] () -- C:\Users\annar\Contacts\Desktop\load_easternkingdoms2.jpg
[2010/08/12 16:36:02 | 000,016,468 | ---- | M] () -- C:\Users\annar\Documents\coverletter.odt
[2010/08/10 13:38:42 | 000,000,012 | -H-- | M] () -- C:\reachd.cz
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/27 11:20:22 | 000,000,852 | ---- | C] () -- C:\Users\annar\Contacts\Desktop\CCleaner.lnk
[2010/08/24 18:10:01 | 001,809,592 | ---- | C] () -- C:\Users\annar\Documents\DAOcomic001a.jpg
[2010/08/22 18:18:31 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/22 10:00:25 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/08/22 09:57:38 | 000,000,104 | ---- | C] () -- C:\Users\annar\Documents\Default Programs.lnk
[2010/08/22 07:55:15 | 000,000,655 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/08/21 23:48:55 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Furcadia Pounce.lnk
[2010/08/21 23:48:55 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Furcadia.lnk
[2010/08/21 15:41:56 | 000,002,565 | ---- | C] () -- C:\Users\annar\Contacts\Desktop\HiJackThis.lnk
[2010/08/21 14:26:51 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/21 09:48:19 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/08/21 09:48:19 | 000,002,009 | ---- | C] () -- C:\Users\annar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/21 09:47:30 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/21 09:47:28 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/21 09:47:15 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/21 09:47:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/08/21 09:46:09 | 000,553,448 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI0809.txt
[2010/08/21 09:45:57 | 000,024,344 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI0809.txt
[2010/08/21 09:44:18 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/21 09:41:51 | 054,835,272 | ---- | C] () -- C:\Users\annar\Contacts\Desktop\setup_av_free.exe
[2010/08/21 02:07:23 | 000,524,288 | -HS- | C] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TMContainer00000000000000000002.regtrans-ms
[2010/08/21 02:07:23 | 000,524,288 | -HS- | C] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TMContainer00000000000000000001.regtrans-ms
[2010/08/21 02:07:23 | 000,065,536 | -HS- | C] () -- C:\Users\annar\ntuser.dat{e87c2b71-acd9-11df-a5f3-00e06103ce1d}.TM.blf
[2010/08/20 23:11:47 | 000,524,288 | -HS- | C] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TMContainer00000000000000000002.regtrans-ms
[2010/08/20 23:11:47 | 000,524,288 | -HS- | C] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TMContainer00000000000000000001.regtrans-ms
[2010/08/20 23:11:47 | 000,065,536 | -HS- | C] () -- C:\Users\annar\ntuser.dat{284f7d91-acd7-11df-a11d-f53e7b7ac4d0}.TM.blf
[2010/08/20 22:19:34 | 000,000,218 | ---- | C] () -- C:\Users\annar\.recently-used.xbel
[2010/08/20 20:27:19 | 000,101,840 | ---- | C] () -- C:\Users\annar\Documents\telandrilinesweb.jpg
[2010/08/20 20:10:04 | 001,126,400 | ---- | C] () -- C:\Users\annar\Documents\telandri.sai
[2010/08/20 19:58:01 | 000,986,688 | ---- | C] () -- C:\Users\annar\Documents\telandri.psd
[2010/08/18 16:03:24 | 000,014,243 | ---- | C] () -- C:\Users\annar\Documents\Untitled 1.odt
[2010/08/18 15:26:28 | 000,087,790 | ---- | C] () -- C:\Users\annar\Documents\wtfshorts.jpg
[2010/08/16 11:15:12 | 000,044,032 | ---- | C] () -- C:\Users\annar\Contacts\Desktop\KERI martin[1].doc
[2010/08/16 01:19:01 | 000,000,732 | ---- | C] () -- C:\Users\annar\AppData\Local\d3d9caps64.dat
[2010/08/15 17:56:24 | 000,601,559 | ---- | C] () -- C:\Users\annar\Contacts\Desktop\load_easternkingdoms2.jpg
[2010/08/12 16:36:01 | 000,016,468 | ---- | C] () -- C:\Users\annar\Documents\coverletter.odt
[2010/08/10 13:38:42 | 000,000,012 | -H-- | C] () -- C:\reachd.cz
[2010/07/28 18:46:42 | 000,004,810 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/23 13:49:30 | 000,417,644 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI4095.txt
[2010/06/23 13:49:29 | 000,011,380 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI4095.txt
[2010/06/03 19:57:37 | 000,400,212 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI3F98.txt
[2010/06/03 19:57:30 | 000,011,194 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI3F98.txt
[2010/05/31 18:42:08 | 000,001,057 | ---- | C] () -- C:\Users\annar\AppData\Roaming\vso_ts_preview.xml
[2010/05/31 18:41:49 | 000,000,033 | ---- | C] () -- C:\Users\annar\AppData\Roaming\pcouffin.log
[2010/05/31 18:40:44 | 000,099,384 | ---- | C] () -- C:\Users\annar\AppData\Roaming\inst.exe
[2010/05/31 18:40:44 | 000,007,859 | ---- | C] () -- C:\Users\annar\AppData\Roaming\pcouffin.cat
[2010/05/31 18:40:44 | 000,001,167 | ---- | C] () -- C:\Users\annar\AppData\Roaming\pcouffin.inf
[2010/05/31 18:36:43 | 002,255,360 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010/05/31 18:36:43 | 000,395,776 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010/05/31 18:36:43 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/05/31 18:36:43 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010/05/24 20:00:55 | 000,428,870 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI34DD.txt
[2010/05/24 20:00:54 | 000,011,462 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI34DD.txt
[2010/04/18 17:33:03 | 000,427,548 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI46E4.txt
[2010/04/18 17:33:01 | 000,012,278 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI46E4.txt
[2010/04/02 19:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/01/12 22:51:23 | 000,428,212 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistMSI6DC8.txt
[2010/01/12 22:51:22 | 000,011,462 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_vcredistUI6DC8.txt
[2010/01/10 15:16:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/09 12:06:37 | 000,028,105 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/11/09 12:06:25 | 000,031,810 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_dotnetfx3install.txt
[2009/11/09 12:06:25 | 000,001,578 | ---- | C] () -- C:\Users\annar\AppData\Local\uxeventlog.txt
[2009/11/09 12:06:25 | 000,000,604 | ---- | C] () -- C:\Users\annar\AppData\Local\dd_dotnetfx3error.txt
[2009/10/24 16:41:16 | 000,000,680 | ---- | C] () -- C:\Users\annar\AppData\Local\d3d9caps.dat
[2009/10/19 14:43:15 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/19 14:42:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/30 18:28:52 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/08/30 18:28:52 | 000,000,088 | RHS- | C] () -- C:\ProgramData\6E73A72696.sys
[2009/08/23 22:03:48 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/07/01 20:55:21 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/06/18 19:12:59 | 000,098,304 | ---- | C] () -- C:\Users\annar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 18:21:16 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/08/29 14:59:27 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\.purple
[2010/01/04 18:00:17 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\CoreFTP
[2009/12/27 13:07:36 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\e frontier
[2009/08/23 22:10:18 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\EPSON
[2010/08/20 20:32:45 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\FileZilla
[2009/11/13 15:28:02 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\FOG Downloader
[2010/08/22 18:18:33 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Free Download Manager
[2010/08/24 18:09:54 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\gtk-2.0
[2010/01/21 14:31:39 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\KompoZer
[2010/04/18 17:52:48 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\OpenOffice.org
[2010/08/16 17:04:44 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Opera
[2009/11/24 13:42:35 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\SYSTEMAX Software Development
[2010/05/24 20:10:49 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\TS3Client
[2010/08/21 00:03:08 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\uTorrent
[2010/05/31 18:47:46 | 000,000,000 | ---D | M] -- C:\Users\annar\AppData\Roaming\Vso
[2010/08/27 10:27:03 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\annar\Contacts\Desktop\The.Princess.And.the.Frog.2009.DVDSCR.XviD.AC3-ViSiON.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\annar\Contacts\Desktop\The.Mummy.[1999]DvDrip-aXXo.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\annar\Contacts\Desktop\Family Guy Presents Something Something Something Dark Side [2009] dvd rip nlx.avi:TOC.WMV
< End of report >

Still redirecting both when I click links and when I type in the names of websites and whatnot.


#14 m0le

  • Malware Response Team
Posted 29 August 2010 - 04:37 PM

Please run TDSSKiller while I check over the OTL log.
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close.
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#15 Disko


Posted 29 August 2010 - 05:16 PM

No objects found.


2010/08/29 17:14:56.0173 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/29 17:14:56.0173 ================================================================================
2010/08/29 17:14:56.0173 SystemInfo:
2010/08/29 17:14:56.0173
2010/08/29 17:14:56.0173 OS Version: 6.0.6002 ServicePack: 2.0
2010/08/29 17:14:56.0173 Product type: Workstation
2010/08/29 17:14:56.0173 ComputerName: ANNAR-PC
2010/08/29 17:14:56.0176 UserName: annar
2010/08/29 17:14:56.0176 Windows directory: C:\Windows
2010/08/29 17:14:56.0176 System windows directory: C:\Windows
2010/08/29 17:14:56.0176 Running under WOW64
2010/08/29 17:14:56.0176 Processor architecture: Intel x64
2010/08/29 17:14:56.0176 Number of processors: 4
2010/08/29 17:14:56.0176 Page size: 0x1000
2010/08/29 17:14:56.0177 Boot type: Normal boot
2010/08/29 17:14:56.0177 ================================================================================
2010/08/29 17:14:56.0186 Utility is running under WOW64, functionality is limited.
2010/08/29 17:14:57.0486 Initialize success
2010/08/29 17:15:29.0862 ================================================================================
2010/08/29 17:15:29.0862 Scan started
2010/08/29 17:15:29.0862 Mode: Manual;
2010/08/29 17:15:29.0862 ================================================================================
2010/08/29 17:15:30.0337 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/08/29 17:15:30.0418 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2010/08/29 17:15:30.0560 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/08/29 17:15:30.0619 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/08/29 17:15:30.0678 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/08/29 17:15:30.0782 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/08/29 17:15:30.0879 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/08/29 17:15:30.0938 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/08/29 17:15:31.0059 ahcix64s (dada9751964a7d217a762c873c332b0e) C:\Windows\system32\drivers\ahcix64s.sys
2010/08/29 17:15:31.0120 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/08/29 17:15:31.0167 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2010/08/29 17:15:31.0194 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/08/29 17:15:31.0235 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/08/29 17:15:31.0329 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/08/29 17:15:31.0380 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/08/29 17:15:31.0455 aswFsBlk (e8184039d57365bee3eaa750375c44ad) C:\Windows\system32\drivers\aswFsBlk.sys
2010/08/29 17:15:31.0570 aswMonFlt (c671e9548d3d1b4cd15d0b164d9d01c7) C:\Windows\system32\drivers\aswMonFlt.sys
2010/08/29 17:15:31.0618 aswRdr (dee012d532c3f62ca099961505f41cf6) C:\Windows\system32\drivers\aswRdr.sys
2010/08/29 17:15:31.0665 aswSP (56bbd39753b9f7461c4de03c3217249d) C:\Windows\system32\drivers\aswSP.sys
2010/08/29 17:15:31.0960 aswTdi (193691b35598642a328d880483dc0ed9) C:\Windows\system32\drivers\aswTdi.sys
2010/08/29 17:15:32.0342 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/29 17:15:32.0495 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/08/29 17:15:33.0699 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\System32\Drivers\avgldx64.sys
2010/08/29 17:15:33.0793 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\System32\Drivers\avgmfx64.sys
2010/08/29 17:15:33.0869 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\System32\Drivers\avgtdia.sys
2010/08/29 17:15:34.0052 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/08/29 17:15:34.0172 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/29 17:15:34.0219 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/08/29 17:15:34.0270 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/08/29 17:15:55.0860 ================================================================================
2010/08/29 17:15:55.0860 Scan finished
2010/08/29 17:15:55.0860 ================================================================================




