Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with PSNI.exe


  • This topic is locked This topic is locked
18 replies to this topic

#1 J0kes

J0kes

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 31 August 2010 - 04:07 PM

Hey guys, thanks for taking your time out for me.

A few days ago, as I was installing a copy of Starcraft 2 (or it could be something else, I can't remember exactly what I was installing), when I first noticed my Kaspersky Internet Secruity 9.0.0.736 (which is always kept up-to-date) popped up with a notification that "Installer.exe" was attempting to do a bunch of stuff, one of which was accessing index.dat in the cookies folder. I thought it was all normal as part of the installation process, so gave it no thought.

Until yesterday, when the notification popped up again and if I remember correctly Installer.exe was lauched by PSNI.EXE and PSNI.EXE created C:\WINDOWS\TEMP\NSG4CCB.TMP\INETC.DLL and C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\INDEX.DAT according to my Kaspersky log. Unfortunately the log doesn't track what the popup notifications said so I could be wrong on those.

But as I googled this PSNI.EXE, it brought me straight to this forum, to user Koopak's post (http://www.bleepingcomputer.com/forums/lofiversion/index.php/t315035.html) where a PSNI.EXE was deleted by MBAM as a virus. I read through the convo m0le had with Koopak, and tried to follow the steps although I suspect the custom clean/fix step using OLT was too customized for me to follow, so I ended up only using MBAM (downloaded from m0le's link) to scan my system. It came up with a bunch of junk and also found and deleted the PSNI.EXE. Here's the log for it:

CODE
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4512

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31/08/2010 12:30:31 PM
mbam-log-2010-08-31 (12-30-31).txt

Scan type: Full scan (C:\|)
Objects scanned: 300582
Time elapsed: 57 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{a1dd29ed-2598-48e9-9793-64a9cd08ac94} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86aefbe8-763f-0647-899c-a93278894d8e} (Namespace.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87ca3845-37fe-414c-81cf-e08a7d0f6779} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{988934a4-064b-11d3-bb80-00104b35e7f9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{802f530b-a8f6-4631-ae49-6bacaac6373e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{86aefbe8-763f-0647-899c-a93278894d8e}" (Namespace.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e5d5d4a1-17f0-41d7-b1c6-0979f91e6f46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Administrator\AppData\Roaming\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Roaming\Baidu\Toolbar (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Roaming\Baidu\Toolbar\Custom Buttons (Trojan.Cinmus) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\Thunder Network\Thunder\Comdlls\xunleiBHO_Now.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\psni.exe (Virus.Agent) -> Quarantined and deleted successfully.
C:\Users\Administrator\Favorites\淘宝网 - 淘!我喜欢.url (Malware.Trace) -> Quarantined and deleted success


I also ran a full scan in Kaspersky before running MBAM, which came up with lots of infected Java cache files which were deleted.

But just to be safe, I followed your prep guide steps 1 - 7 to make sure that I have nothing left on my computer. I didn't run GMER because m0le had mentioned that it's not compatible with 64bit systems. Here's the DDS.txt:

CODE
DDS (Ver_10-03-17.01) - NTFSX64  
Run by Administrator at 13:04:55.80 on 31/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 旗舰版   6.1.7600.0.936.86.2052.18.6143.4227 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\ASUS\AASP\1.00.91\aaCenter.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.3g234.com/
uWindow Title =
uInternet Settings,ProxyOverride = *.local
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files (x86)\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office12\GR469A~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE
mRun: [SoundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe
mRun: [Ai Nap] "c:\program files (x86)\asus\ai suite\ainap\AiNap.exe"
mRun: [CPU Power Monitor] "c:\program files (x86)\asus\ai suite\aigear3\CpuPowerMonitor.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [SwitchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: 使用迅雷下载 - c:\program files (x86)\thunder network\thunder\program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files (x86)\thunder network\thunder\program\getallurl.htm
IE: 导出到 Microsoft Office Excel(&X) - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} - hxxp://download.ppstream.com/bin/powerplayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~1\office12\GRA32A~1.DLL
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\sbhook.dll acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office12\GR469A~1.DLL
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\ievkbd.dll
BHO-X64:     IEVkbdBHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\klwtbbho.dll
BHO-X64:     link filter bho - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRun-x64: [SoundMAX] c:\program files (x86)\analog devices\soundmax\soundmax.exe /tray
mRun-x64: [Google Pinyin 2 Autoupdater] "c:\program files\google\google pinyin 2\GooglePinyinDaemon.exe"
AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~1\x64\sbhook64.dll,c:\progra~2\kasper~1\kasper~1\x64\kloehk.dll acaptuser64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\ab1lmufs.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - component: c:\program files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\ab1lmufs.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\windows\microsoft.net\framework\v4.0.20506\wpf\NPWPF.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 27152]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
R2 AVP;Kaspersky Internet Security;c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-28 240232]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 54320]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 21008]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-5-15 86120]
R3 SymSnapService;SymSnapService;c:\program files (x86)\norton ghost\shared\drivers\SymSnapServicex64.exe [2009-9-21 2963960]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-5-20 393728]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-12-11 6228480]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-12-11 160256]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\microsoft.net\framework\v4.0.20506\mscorsvw.exe [2009-5-5 104272]
S3 clr_optimization_v4.0.20506_64;.NET Runtime Optimization Service v4.0.20506_X64;c:\windows\microsoft.net\framework64\v4.0.20506\mscorsvw.exe [2009-5-5 122192]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\norton ghost\shared\drivers\GenericMountHelper.exe [2009-9-21 1571336]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-2 187392]
S3 SwitchBoard;SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-7-13 9728]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S4 WatAdminSvc;Windows 激活技术服务;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1255736]

=============== Created Last 30 ================

2010-08-31 19:58:07    0    ----a-w-    c:\users\administrator\defogger_reenable
2010-08-31 03:23:24    0    d-----w-    c:\users\admini~1\appdata\roaming\Malwarebytes
2010-08-31 03:23:15    24664    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-08-31 03:23:15    0    d-----w-    c:\programdata\Malwarebytes
2010-08-31 03:23:15    0    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-29 02:08:25    0    d-----w-    c:\users\admini~1\appdata\roaming\rockbox.org
2010-08-24 05:44:08    0    d-----w-    c:\program files (x86)\StarCraft II
2010-08-21 20:40:43    0    d-----w-    c:\users\admini~1\appdata\roaming\TuneUpMedia
2010-08-21 19:12:43    0    d-----w-    c:\program files\iTunes
2010-08-21 19:12:43    0    d-----w-    c:\program files\iPod
2010-08-21 19:12:43    0    d-----w-    c:\program files (x86)\iTunes
2010-08-21 19:11:17    0    d-----w-    c:\program files\Bonjour
2010-08-21 19:11:17    0    d-----w-    c:\program files (x86)\Bonjour
2010-08-10 12:15:58    94208    ----a-w-    c:\windows\syswow64\QuickTimeVR.qtx
2010-08-10 12:15:58    69632    ----a-w-    c:\windows\syswow64\QuickTime.qts
2010-08-10 10:38:27    0    d-----w-    C:\Symantec
2010-08-02 07:45:37    0    d-----w-    c:\program files (x86)\ACD Systems
2010-08-02 00:49:48    1970176    ----a-w-    c:\windows\syswow64\d3dx9.dll
2010-08-02 00:49:45    679936    ----a-w-    c:\windows\syswow64\D3DX81ab.dll
2010-08-02 00:49:45    0    d-----w-    c:\program files (x86)\Cheat Engine
2010-08-01 21:13:49    0    d-----w-    c:\programdata\Blizzard Entertainment

==================== Find3M  ====================

2010-08-30 05:44:14    439156    ----a-w-    c:\windows\system32\prfh0404.dat
2010-08-30 05:44:14    423186    ----a-w-    c:\windows\system32\prfh0804.dat
2010-08-30 05:44:14    122424    ----a-w-    c:\windows\system32\prfc0804.dat
2010-08-30 05:44:14    117510    ----a-w-    c:\windows\system32\prfc0404.dat
2010-07-29 17:35:30    149773    ----a-w-    c:\windows\system32\drivers\klin.dat
2010-07-29 17:35:30    106765    ----a-w-    c:\windows\system32\drivers\klick.dat
2010-06-29 01:52:46    178800    ----a-w-    c:\windows\syswow64\CmdLineExt_x64.dll
2010-02-09 08:01:34    31548    ----a-w-    c:\windows\inf\perflib\0404\perfd.dat
2010-02-09 08:01:34    31548    ----a-w-    c:\windows\inf\perflib\0404\perfc.dat
2010-02-09 08:01:34    117840    ----a-w-    c:\windows\inf\perflib\0404\perfi.dat
2010-02-09 08:01:34    117840    ----a-w-    c:\windows\inf\perflib\0404\perfh.dat
2009-07-14 10:31:52    31548    ----a-w-    c:\windows\inf\perflib\0804\perfd.dat
2009-07-14 10:31:52    31548    ----a-w-    c:\windows\inf\perflib\0804\perfc.dat
2009-07-14 10:31:52    31548    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 10:31:52    31548    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 10:31:52    291294    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 10:31:52    291294    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 10:31:52    111310    ----a-w-    c:\windows\inf\perflib\0804\perfi.dat
2009-07-14 10:31:52    111310    ----a-w-    c:\windows\inf\perflib\0804\perfh.dat
2009-07-14 04:54:24    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 04:54:24    174    --sha-w-    c:\program files (x86)\desktop.ini
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2010-02-11 09:30:32    245760    --sha-w-    c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-05-16 05:24:22    245760    --sha-w-    c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53    398848    --sha-w-    c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:05:44.51 ===============


Thanks for any assistance, and I'm sorry if i did the MBAM scan prematurely, I just wanted to get the problem out of mind quickly.
BTW, it's a Chinese copy of Win7 Ultimate.

Attached Files


Edited by J0kes, 31 August 2010 - 04:33 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:28 AM

Posted 10 September 2010 - 08:04 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 J0kes

J0kes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 14 September 2010 - 12:38 AM

Hey m0le,

Sorry I havent planned this out quite well, I won't be able to access the computer in question other than on weekends as I am living on campus and the computer is at home.

I will be home from Friday to Sunday and I'll try my best to follow your instructions. You may want to focus your attention on someone else on the week days.

Sorry for the inconvenience!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:28 AM

Posted 14 September 2010 - 04:06 PM

Hi J0kes,

I've made a note of your absence during the weekdays so don't worry.

I understand you've been reading one of my previous fixes and as you are a 64 bit user we will be doing the same type of start.


Please run OTL and Sophos
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Then

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Posted Image
m0le is a proud member of UNITE

#5 J0kes

J0kes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 18 September 2010 - 02:42 AM

I followed the instructions for the OTL and Sophos (unplugged internet, cleared temp data), however I did notice that Sophos did not allow me to scan running processes...
also Sophos came up with nothing that needs removal.

OTL:
CODE
OTL logfile created on: 17/09/2010 7:08:13 PM - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: 加拿大 | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 71.00% Memory free
14.00 Gb Paging File | 12.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): d:\pagefile.sys 8134 8134 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51.63 Gb Total Space | 21.40 Gb Free Space | 41.45% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 377.62 Gb Free Space | 40.54% Space Free | Partition Type: NTFS
Drive E: | 1862.89 Gb Total Space | 947.59 Gb Free Space | 50.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 420.90 Gb Total Space | 274.01 Gb Free Space | 65.10% Space Free | Partition Type: NTFS
Drive H: | 458.98 Gb Total Space | 426.27 Gb Free Space | 92.87% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MKII
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.91\aaCenter.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:[b]64bit:[/b] - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (DAUpdaterSvc) -- G:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (Norton Ghost) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (GenericMount Helper Service) -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (Symantec)
SRV - (SymSnapService) -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe (Symantec)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.20506\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.20506_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.20506_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.20506\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:[b]64bit:[/b] - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:[b]64bit:[/b] - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (VProEventMonitor) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (symsnap) -- C:\Windows\SysNative\drivers\symsnap.sys (StorageCraft)
DRV:[b]64bit:[/b] - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:[b]64bit:[/b] - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:[b]64bit:[/b] - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:[b]64bit:[/b] - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.3g234.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Dictionary"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.3
FF - prefs.js..extensions.enabledItems: info@priceblink.com:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/21 12:14:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/21 12:14:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/09 19:59:03 | 000,000,000 | ---D | M]

[2010/02/03 04:57:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/02/03 04:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/12 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions
[2010/06/10 11:40:55 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/16 14:26:07 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/06/10 11:40:55 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/16 14:26:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/16 14:26:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/16 14:26:07 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/06/10 11:40:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/06/10 11:40:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\info@priceblink.com
[2009/08/01 13:22:18 | 000,000,939 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\searchplugins\dictionary.xml
[2009/08/01 13:22:00 | 000,000,713 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\searchplugins\webster.xml
[2010/09/12 18:15:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/16 12:57:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/06 21:13:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/05/16 13:48:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/04/01 10:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 10:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/02/06 21:12:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2010/04/01 10:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/06/11 22:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/04/01 08:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 08:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 08:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 08:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 08:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 08:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 08:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/05/19 18:47:07 | 000,001,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                activate.adobe.com
O1 - Hosts: 127.0.0.1                practivate.adobe.com
O1 - Hosts: 127.0.0.1                ereg.adobe.com
O1 - Hosts: 127.0.0.1                activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1                wip3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1                ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1                activate-sea.adobe.com
O1 - Hosts: 127.0.0.1                wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1                activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com          
O1 - Hosts: 127.0.0.1                               125.252.224.90                      
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\Comdlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Google Pinyin 2 Autoupdater] C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O8:[b]64bit:[/b] - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: 使用迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\Program\geturl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\Program\getAllurl.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\Program\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\Program\getAllurl.htm ()
O9:[b]64bit:[/b] - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:[b]64bit:[/b] - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} http://download.ppstream.com/bin/powerplayer.cab (PowerList Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mbox {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mboxflash {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mbox {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mboxflash {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll acaptuser64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll acaptuser64.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll acaptuser32.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll acaptuser32.dll File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1345fad0-1787-11df-b3f8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{1345fad0-1787-11df-b3f8-005056c00008}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d69456f3-117f-11df-b35c-001fd0d6ce51}\Shell - "" = AutoRun
O33 - MountPoints2\{d69456f3-117f-11df-b35c-001fd0d6ce51}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/08/30 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2010/08/30 20:23:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/30 20:23:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/30 20:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/30 20:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/30 18:16:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/08/28 19:08:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\rockbox.org
[2010/08/23 22:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010/08/21 13:40:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUpMedia
[2010/08/21 12:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/21 12:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/21 12:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/08/21 12:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/21 12:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/21 12:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/02/03 04:52:41 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Administrator\AppData\Roaming\pcouffin.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/09/17 19:08:49 | 003,407,872 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2010/09/17 19:05:51 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/17 19:05:51 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/17 18:58:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/12 18:17:14 | 004,674,233 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2010/09/09 20:05:24 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/09/06 01:39:19 | 001,909,250 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/06 01:39:19 | 000,675,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/06 01:39:19 | 000,439,156 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2010/09/06 01:39:19 | 000,423,186 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2010/09/06 01:39:19 | 000,124,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/06 01:39:19 | 000,122,424 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2010/09/06 01:39:19 | 000,117,510 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2010/09/05 14:00:00 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/09/01 03:32:19 | 000,023,878 | ---- | M] () -- C:\Windows\Notepad2.ini
[2010/08/31 12:58:07 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2010/08/31 12:54:04 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2010/08/30 20:23:19 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/30 18:16:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/08/30 17:26:34 | 000,525,824 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/08/30 03:21:49 | 000,000,864 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/30 03:21:49 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/08/24 18:20:31 | 000,000,565 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\myMPQ.ini
[2010/08/24 13:59:07 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/08/23 22:44:10 | 000,000,970 | ---- | M] () -- C:\Users\Administrator\Desktop\SC2ALLin1.lnk
[2010/08/21 12:14:03 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/21 12:12:52 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/08/31 12:58:07 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2010/08/31 12:54:04 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2010/08/30 20:23:19 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/30 17:26:33 | 000,525,824 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/08/30 03:21:49 | 000,000,864 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/30 03:21:49 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/08/24 13:54:25 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/08/23 22:44:10 | 000,000,970 | ---- | C] () -- C:\Users\Administrator\Desktop\SC2ALLin1.lnk
[2010/08/21 13:40:00 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/08/21 12:14:03 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/21 12:12:52 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/16 01:48:22 | 000,000,565 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\myMPQ.ini
[2010/08/01 17:49:48 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/07/16 22:04:13 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/07/16 22:04:13 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/05/17 13:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/05/17 13:07:37 | 000,000,594 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/16 13:16:13 | 000,023,878 | ---- | C] () -- C:\Windows\Notepad2.ini
[2010/05/16 12:42:16 | 000,000,034 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.log
[2010/05/16 12:37:42 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/05/16 12:37:42 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/05/16 12:37:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/05/16 12:37:40 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/05/16 01:23:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/03/03 00:27:17 | 000,000,140 | ---- | C] () -- C:\Windows\powerlist.ini
[2010/03/03 00:27:16 | 000,000,998 | ---- | C] () -- C:\Windows\psnetwork.ini
[2010/03/03 00:27:16 | 000,000,832 | ---- | C] () -- C:\Windows\powerplayer.ini
[2010/02/18 22:03:11 | 000,000,025 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\bdfvconp.ini
[2010/02/14 22:58:12 | 000,000,031 | ---- | C] () -- C:\Windows\warhead.ini
[2010/02/11 23:13:43 | 000,010,240 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/07 00:47:14 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/02/05 09:22:06 | 000,000,009 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pwpe_wiki_ini.conf
[2010/02/04 05:11:31 | 000,007,611 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2010/02/03 05:59:37 | 000,000,115 | ---- | C] () -- C:\Windows\fzwmb.INI
[2010/02/03 05:58:19 | 001,361,332 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/03 04:53:06 | 000,001,173 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\vso_ts_preview.xml
[2010/02/03 04:52:41 | 000,099,384 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\inst.exe
[2010/02/03 04:52:41 | 000,007,859 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.cat
[2010/02/03 04:52:41 | 000,001,167 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.inf
[2010/02/03 04:49:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/02/03 05:40:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2010/02/03 04:17:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Application Data
[2010/02/05 04:07:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\kingsoft
[2010/05/17 22:50:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010/03/03 00:28:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ppStream
[2010/08/28 19:08:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\rockbox.org
[2010/05/16 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SaaYaa
[2010/05/17 01:42:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sinvise Systems
[2010/08/21 14:28:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUpMedia
[2010/09/06 13:48:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2010/07/29 22:34:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
[2010/09/05 14:00:00 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/06/01 12:25:51 | 000,032,702 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/25 19:50:50 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\Windows 7 Manager Live Update.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2010/07/26 11:40:32 | 000,001,340 | ---- | M] ()(C:\Users\Administrator\Desktop\Prince of Persia The Forgotten Sands?.lnk) -- C:\Users\Administrator\Desktop\Prince of Persia The Forgotten Sands.lnk
[2010/07/26 11:40:32 | 000,001,340 | ---- | C] ()(C:\Users\Administrator\Desktop\Prince of Persia The Forgotten Sands?.lnk) -- C:\Users\Administrator\Desktop\Prince of Persia The Forgotten Sands.lnk
[2010/07/26 11:40:06 | 000,000,220 | ---- | M] ()(C:\Users\Administrator\Desktop\Need for Speed? SHIFT.lnk) -- C:\Users\Administrator\Desktop\Need for Speed SHIFT.lnk
[2010/07/26 11:40:06 | 000,000,220 | ---- | C] ()(C:\Users\Administrator\Desktop\Need for Speed? SHIFT.lnk) -- C:\Users\Administrator\Desktop\Need for Speed SHIFT.lnk
< End of report >


Sophos:
CODE
Sophos Anti-Rootkit Version 1.5.4  (c) 2009 Sophos Plc
Started logging on 17/09/2010 at 21:13:38 PM
User "Administrator" on computer "MKII"
Windows version 6.1 SP 0.0  build 7600 SM=0x100 PT=0x1 WOW64
Info:    Starting registry scan.
Info:    Starting disk scan of C: (NTFS).
Info:    Starting disk scan of D: (NTFS).
Hidden:    file D:\Music\Armin van Buuren Discography\03 Singles & Remixes\Armin van Buuren - Blue Fear\2004 Blue Fear (CDs)\2004 Armin van Buuren - Blue Fear (Agnelli & Nelson Remix)\00-armin_van_buuren-blue_fear_2004__incl_agnelli_and_nelson_remix-promo_vinyl-2004-mns.nfo
Hidden:    file D:\Music\Armin van Buuren Discography\03 Singles & Remixes\Armin van Buuren - Blue Fear\2004 Blue Fear (CDs)\2004 Armin van Buuren - Blue Fear (Agnelli & Nelson Remix)\00-armin_van_buuren-blue_fear_2004__incl_agnelli_and_nelson_remix-promo_vinyl-2004-mns.sfv
Info:    Starting disk scan of E: (NTFS).
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor CMYK Vol 8\Copyright Info - read first\CMA CopyRight Info.txt
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor Proofers Vol 7\Copyright Info - read first\CMA CopyRight Info.txt
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\Sharpers to Load!\Read First!!.txt
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor CMYK Vol 8\Copyright Info - read first\CMA Copyright Info.rtf
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor Proofers Vol 7\Copyright Info - read first\CMA Copyright Info.rtf
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor CMYK Vol 8\Actions Materials - Copyrighted\CMA CMYK Power Processor Setup.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor CMYK Vol 8\Actions Materials - Copyrighted\CMA CMYK Production.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor CMYK Vol 8\Actions Materials - Copyrighted\CMA CMYK- Screen Dual PP.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor Proofers Vol 7\Actions Materials - Copyrighted\CMA Hi Key Dual Processors.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor Proofers Vol 7\Actions Materials - Copyrighted\CMA Low Key Dual Processors.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAiTones1-041007\CMA PA iTones1 Baha.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAiTones1-041007\CMA PA iTones1 BelAire.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAiTones1-041007\CMA PA iTones1 EverGlades.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAiTones1-041007\CMA PA iTones1 GenX.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAiTones1-041007\CMA PA iTones1 HiB-W.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAiTones1-041007\CMA PA iTones1 HiColor.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAiTones1-041007\CMA PA iTones1 HiGlades.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAiTones1-041007\CMA PA iTones1 HiMidnight.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAiTones1-041007\CMA PA iTones1 HiSepia.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAiTones1-041007\CMA PA iTones1 Neuport.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAJazz-041007\CMA PA Jazz - Bronzer.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAJazz-041007\CMA PA Jazz - Caramel.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAJazz-041007\CMA PA Jazz - Crystal.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAJazz-041007\CMA PA Jazz - HiBronzer.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAJazz-041007\CMA PA Jazz - Jade.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAJazz-041007\CMA PA Jazz - Midnight.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAJazz-041007\CMA PA Jazz - Mocha.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAJazz-041007\CMA PA Jazz - Persia.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAJazz-041007\CMA PA Jazz - Sepia.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAJazz-041007\CMA PA Jazz - Spice.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAPort 041007\CMA PA Portrait Cool.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAPort 041007\CMA PA Portrait HiKey.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAPort 041007\CMA PA Portrait Plus.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAPort 041007\CMA PA Portrait Warm.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAPort 041007\CMA PA Portrait.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAPort 041007\CMA PA Scenic Plus.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAPort 041007\CMA PA Scenic.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\CMA-PAPort 041007\CMA PA Wedding.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor Proofers Vol 7\Actions Materials - Copyrighted\CMA Power Processor Setup.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\Sharpers to Load!\Sharpers\CMA Sharpers.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\Sharpers to Load!\Canon Sharpers\CMA Sharpers.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\Sharpers to Load!\In-Camera Sharpers\CMA Sharpers.atn
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Actions Vol. 1-2-3-4-5-7-8\Craigs Actions Volumes 7, 8\CMA Power Processor Proofers Vol 7\Actions Materials - Copyrighted\.DS_Store
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\Sharpers to Load!\._Canon Sharpers
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\Sharpers to Load!\._In-Camera Sharpers
Hidden:    file E:\My Downloads\01 - Applications\Adobe Photoshop Actions for Photographers\Adobe Photoshop Actions for Photographers\Craigs Production Assistants Creative Suite 1\Craigs actions PA\CMACreativeSuite1\Actions Materials - Copyrighted\Sharpers to Load!\._Sharpers
Info:    Starting disk scan of G: (NTFS).
Info:    Starting disk scan of H: (NTFS).
Stopped logging on 17/09/2010 at 21:54:57 PM


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:28 AM

Posted 18 September 2010 - 07:05 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
:files
C:\Windows\tasks\At*.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:commands
[EmptyTemp]


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next please run MBAM which targets trojan.agent (which psni.exe is part of)

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
Posted Image
m0le is a proud member of UNITE

#7 J0kes

J0kes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 18 September 2010 - 09:21 PM

OTL Log:
CODE
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 19947385 bytes
->Temporary Internet Files folder emptied: 5818386 bytes
->Java cache emptied: 2670672 bytes
->FireFox cache emptied: 95761510 bytes
->Opera cache emptied: 14611222 bytes
->Flash cache emptied: 52283 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 991232 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32 (64bit) .tmp files removed: 24576 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 294573 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67498 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 135.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09182010_174441

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSV918ZI\sa[1].aspx moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2800.log moved successfully.

Registry entries deleted on Reboot...


MBAM unfortunately fails to all my drives. The same situation happened before I posted my message too, it would have no problem scanning my C drive but it always fails when I try to scan all the drives usually getting to the second drive. I've attached a screenshot.

Attached Files



#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:28 AM

Posted 19 September 2010 - 06:19 AM

Please set MBAM to scan just the C drive at this point. Uncheck all other drive options.


Posted Image
m0le is a proud member of UNITE

#9 J0kes

J0kes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 19 September 2010 - 02:37 PM

Here's the MBAM,

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4650

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/09/2010 12:35:47 PM
mbam-log-2010-09-19 (12-35-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 302584
Time elapsed: 58 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:28 AM

Posted 19 September 2010 - 05:26 PM

The C drive is the big one.

Please run ESET's online scan next
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
Posted Image
m0le is a proud member of UNITE

#11 J0kes

J0kes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 19 September 2010 - 09:21 PM

Yep, I agree that C drive is the big one, I know most of the malware found in my other drives are probably false-positives from keygens and trainers and such so I terminated the scan when it finished with D drive which contains the paging file and some settings for programs.

This will be the last reply i can give this weekend as I am heading back to campus in a few minutes. Thanks for all the help, you can leave the next step for me and I'll get on it as soon as I can.

Here's the report:
CODE
C:\Program Files (x86)\systemfiles\222.vbs    probably a variant of Win32/TrojanClicker.Agent.JRLRSHZ trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\systemfiles\3.bat    Win32/StartPage.NVL trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\??????????\??????????.url    VBS/StartPage.NAY trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\????.lnk    VBS/StartPage.NAU trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\??????????.lnk    VBS/StartPage.NAT trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\???????.lnk    VBS/StartPage.NAT trojan    cleaned by deleting - quarantined
C:\Users\Administrator\Favorites\????????.lnk    VBS/StartPage.NAT trojan    cleaned by deleting - quarantined
C:\Users\Administrator\Favorites\??????.lnk    VBS/StartPage.NAY trojan    cleaned by deleting - quarantined
D:\02 - cyp\games\about-CS\CSCDKEY\CDKEY???.EXE    a variant of Win32/Packed.PECrypt32.A application    cleaned by deleting - quarantined
D:\02 - cyp\games\about-CS\hacks\CSCDKEY\wangke.com\??CD-KEY???\CDKEY???.exe    a variant of Win32/Packed.PECrypt32.A application    cleaned by deleting - quarantined
D:\02 - cyp\games\about-CS\hacks\OGC_Re_2.5\OGC_Re_2.5\0gc_re.exe    probably a variant of Win32/Agent.BQHVNQV trojan    cleaned by deleting - quarantined
D:\02 - cyp\internet\hacks\wwwhack-1.946.zip    probably a variant of Win32/IRCBot.JSAITPW trojan    deleted - quarantined
D:\02 - cyp\internet\safety\????30?????.exe    multiple threats    deleted - quarantined
D:\Game Stuff\CS MODS\MPH UNHEIL Release 04.rar    probably a variant of Win32/Agent.KEXESPD trojan    deleted - quarantined
D:\Game Stuff\CS MODS\MPH UNHEIL Release 04\MPH UNHEIL Release 04\UNHEIL.exe    probably a variant of Win32/Agent.KEXESPD trojan    cleaned by deleting - quarantined
E:\$BACKUP\C My Documents Backup\05152010\Shared Documents\MGA6_crack1.9.42.0\MGA6crack.exe    probably a variant of Win32/Agent.JEMANYM trojan    deleted - quarantined
E:\My Downloads\00 - PC Games\Alpha.Protocol-SKIDROW\sr-apd2.iso    a variant of Win32/Packed.VMProtect.AAA trojan    deleted - quarantined


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:28 AM

Posted 20 September 2010 - 06:29 PM

Okay, J0kes, see you in five days.


Please run SAS next

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Then please run a new scan on OTL and post that log.
Posted Image
m0le is a proud member of UNITE

#13 J0kes

J0kes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 25 September 2010 - 02:03 PM

Here are the new logs:

SuperAntiSpyware:
CODE
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/24/2010 at 10:46 PM

Application Version : 4.43.1000

Core Rules Database Version : 5578
Trace Rules Database Version: 3390

Scan type       : Complete Scan
Total Scan Time : 01:05:42

Memory items scanned      : 639
Memory threats detected   : 0
Registry items scanned    : 14011
Registry threats detected : 14
File items scanned        : 161711
File threats detected     : 13

Trojan.Agent/Gen-Sino[TAO]
    (x86) HKLM\Software\Classes\CLSID\{01443AEC-0FD1-40fd-9C87-E93D1494C233}
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}#AppID
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\InprocServer32
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\InprocServer32#ThreadingModel
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\ProgID
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\Programmable
    (x86) HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}\VersionIndependentProgID
    (x86) HKCR\XLF24.ThunderAtOnce.1
    (x86) HKCR\XLF24.ThunderAtOnce
    (x86) HKCR\XLF24.ThunderAtOnce\CurVer
    C:\PROGRAM FILES (X86)\THUNDER NETWORK\THUNDER\COMDLLS\TDATONCE_NOW.DLL
    (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}
    (x86) HKU\S-1-5-21-1028020655-410134688-3148877360-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01443AEC-0FD1-40FD-9C87-E93D1494C233}

Adware.Tracking Cookie
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@atdmt[3].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@hitbox[2].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ehg-eset.hitbox[1].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@2o7[1].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@atdmt[1].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@doubleclick[1].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@imrworldwide[2].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@msnportal.112.2o7[1].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@sales.liveperson[1].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@sales.liveperson[3].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@statse.webtrendslive[2].txt
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@uniclick.openv[1].txt


OTL:
CODE
OTL logfile created on: 25/09/2010 11:52:13 AM - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: 加拿大 | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 69.00% Memory free
14.00 Gb Paging File | 12.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): d:\pagefile.sys 8134 8134 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51.63 Gb Total Space | 20.98 Gb Free Space | 40.63% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 377.40 Gb Free Space | 40.52% Space Free | Partition Type: NTFS
Drive E: | 1862.89 Gb Total Space | 939.94 Gb Free Space | 50.46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 420.90 Gb Total Space | 274.01 Gb Free Space | 65.10% Space Free | Partition Type: NTFS
Drive H: | 458.98 Gb Total Space | 426.27 Gb Free Space | 92.87% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MKII
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.91\aaCenter.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:[b]64bit:[/b] - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:[b]64bit:[/b] - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (DAUpdaterSvc) -- G:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (Norton Ghost) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (GenericMount Helper Service) -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe (Symantec)
SRV - (SymSnapService) -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe (Symantec)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.20506\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.20506_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.20506_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.20506\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (MEMSWEEP2) -- C:\Windows\SysNative\CBCB.tmp File not found
DRV:[b]64bit:[/b] - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:[b]64bit:[/b] - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:[b]64bit:[/b] - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:[b]64bit:[/b] - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:[b]64bit:[/b] - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (VProEventMonitor) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation)
DRV:[b]64bit:[/b] - (symsnap) -- C:\Windows\SysNative\drivers\symsnap.sys (StorageCraft)
DRV:[b]64bit:[/b] - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:[b]64bit:[/b] - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:[b]64bit:[/b] - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:[b]64bit:[/b] - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.3g234.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Dictionary"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.3
FF - prefs.js..extensions.enabledItems: info@priceblink.com:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/21 12:14:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/21 12:14:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/09 19:59:03 | 000,000,000 | ---D | M]

[2010/02/03 04:57:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/02/03 04:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/24 22:05:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions
[2010/06/10 11:40:55 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/16 14:26:07 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/06/10 11:40:55 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/16 14:26:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/16 14:26:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/16 14:26:07 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/06/10 11:40:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/06/10 11:40:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\extensions\info@priceblink.com
[2009/08/01 13:22:18 | 000,000,939 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\searchplugins\dictionary.xml
[2009/08/01 13:22:00 | 000,000,713 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ab1lmufs.default\searchplugins\webster.xml
[2010/09/24 22:05:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/16 12:57:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/06 21:13:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/05/16 13:48:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/04/01 10:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 10:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/02/06 21:12:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2010/04/01 10:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/06/11 22:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/08/21 12:14:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/04/01 08:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 08:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 08:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 08:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 08:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 08:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 08:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/05/19 18:47:07 | 000,001,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                activate.adobe.com
O1 - Hosts: 127.0.0.1                practivate.adobe.com
O1 - Hosts: 127.0.0.1                ereg.adobe.com
O1 - Hosts: 127.0.0.1                activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1                wip3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1                ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1                activate-sea.adobe.com
O1 - Hosts: 127.0.0.1                wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1                activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com          
O1 - Hosts: 127.0.0.1                               125.252.224.90                      
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Google Pinyin 2 Autoupdater] C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O8:[b]64bit:[/b] - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: 使用迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\Program\geturl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\Program\getAllurl.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\Program\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\Program\getAllurl.htm ()
O9:[b]64bit:[/b] - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:[b]64bit:[/b] - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} http://download.ppstream.com/bin/powerplayer.cab (PowerList Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mbox {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mboxflash {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mbox {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mboxflash {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll acaptuser64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll acaptuser64.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll acaptuser32.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll acaptuser32.dll File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1345fad0-1787-11df-b3f8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{1345fad0-1787-11df-b3f8-005056c00008}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d69456f3-117f-11df-b35c-001fd0d6ce51}\Shell - "" = AutoRun
O33 - MountPoints2\{d69456f3-117f-11df-b35c-001fd0d6ce51}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/09/24 21:34:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/24 21:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/24 21:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/24 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/18 17:44:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/17 19:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/08/30 20:23:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2010/08/30 20:23:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/30 20:23:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/30 20:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/30 20:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/30 18:16:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/08/28 19:08:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\rockbox.org
[2010/02/03 04:52:41 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Administrator\AppData\Roaming\pcouffin.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/09/25 11:53:34 | 003,407,872 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2010/09/25 11:50:37 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/25 11:50:37 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/25 11:43:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/25 11:42:06 | 004,705,001 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2010/09/24 21:37:27 | 000,023,878 | ---- | M] () -- C:\Windows\Notepad2.ini
[2010/09/24 21:34:49 | 000,001,815 | ---- | M] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/19 14:13:12 | 001,909,250 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/19 14:13:12 | 000,675,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/19 14:13:12 | 000,439,156 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2010/09/19 14:13:12 | 000,423,186 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2010/09/19 14:13:12 | 000,124,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/19 14:13:12 | 000,122,424 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2010/09/19 14:13:12 | 000,117,510 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2010/09/18 22:14:15 | 000,000,565 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\myMPQ.ini
[2010/09/18 19:18:07 | 000,191,852 | ---- | M] () -- C:\Users\Administrator\Desktop\Untitled.png
[2010/09/18 17:53:47 | 000,005,310 | ---- | M] () -- C:\Users\Administrator\Desktop\OTL09182010_174441
[2010/09/18 13:18:28 | 000,001,477 | ---- | M] () -- C:\Users\Administrator\Desktop\williams-cp.tpl
[2010/09/09 20:05:24 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/08/31 12:58:07 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2010/08/31 12:54:04 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2010/08/30 20:23:19 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/30 18:16:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/08/30 17:26:34 | 000,525,824 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/08/30 03:21:49 | 000,000,864 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/30 03:21:49 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/09/24 21:34:49 | 000,001,815 | ---- | C] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/24 21:34:48 | 000,001,477 | ---- | C] () -- C:\Users\Administrator\Desktop\williams-cp.tpl
[2010/09/18 19:18:06 | 000,191,852 | ---- | C] () -- C:\Users\Administrator\Desktop\Untitled.png
[2010/09/18 17:53:47 | 000,005,310 | ---- | C] () -- C:\Users\Administrator\Desktop\OTL09182010_174441
[2010/08/31 12:58:07 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2010/08/31 12:54:04 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2010/08/30 20:23:19 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/30 17:26:33 | 000,525,824 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/08/30 03:21:49 | 000,000,864 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/30 03:21:49 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/08/16 01:48:22 | 000,000,565 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\myMPQ.ini
[2010/08/01 17:49:48 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/07/16 22:04:13 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/07/16 22:04:13 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/05/17 13:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/05/17 13:07:37 | 000,000,594 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/16 13:16:13 | 000,023,878 | ---- | C] () -- C:\Windows\Notepad2.ini
[2010/05/16 12:42:16 | 000,000,034 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.log
[2010/05/16 12:37:42 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/05/16 12:37:42 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/05/16 12:37:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/05/16 12:37:40 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/05/16 01:23:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/03/03 00:27:17 | 000,000,140 | ---- | C] () -- C:\Windows\powerlist.ini
[2010/03/03 00:27:16 | 000,000,998 | ---- | C] () -- C:\Windows\psnetwork.ini
[2010/03/03 00:27:16 | 000,000,832 | ---- | C] () -- C:\Windows\powerplayer.ini
[2010/02/18 22:03:11 | 000,000,025 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\bdfvconp.ini
[2010/02/14 22:58:12 | 000,000,031 | ---- | C] () -- C:\Windows\warhead.ini
[2010/02/11 23:13:43 | 000,010,240 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/07 00:47:14 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/02/05 09:22:06 | 000,000,009 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pwpe_wiki_ini.conf
[2010/02/04 05:11:31 | 000,007,611 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2010/02/03 05:59:37 | 000,000,115 | ---- | C] () -- C:\Windows\fzwmb.INI
[2010/02/03 05:58:19 | 001,361,332 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/03 04:53:06 | 000,001,173 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\vso_ts_preview.xml
[2010/02/03 04:52:41 | 000,099,384 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\inst.exe
[2010/02/03 04:52:41 | 000,007,859 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.cat
[2010/02/03 04:52:41 | 000,001,167 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.inf
[2010/02/03 04:49:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/02/03 05:40:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2010/02/03 04:17:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Application Data
[2010/02/05 04:07:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\kingsoft
[2010/05/17 22:50:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010/03/03 00:28:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ppStream
[2010/08/28 19:08:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\rockbox.org
[2010/05/16 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SaaYaa
[2010/05/17 01:42:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sinvise Systems
[2010/08/21 14:28:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUpMedia
[2010/09/25 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2010/07/29 22:34:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
[2010/06/01 12:25:51 | 000,032,702 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/25 19:50:50 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\Windows 7 Manager Live Update.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2010/07/26 11:40:32 | 000,001,340 | ---- | M] ()(C:\Users\Administrator\Desktop\Prince of Persia The Forgotten Sands?.lnk) -- C:\Users\Administrator\Desktop\Prince of Persia The Forgotten Sands.lnk
[2010/07/26 11:40:32 | 000,001,340 | ---- | C] ()(C:\Users\Administrator\Desktop\Prince of Persia The Forgotten Sands?.lnk) -- C:\Users\Administrator\Desktop\Prince of Persia The Forgotten Sands.lnk
[2010/07/26 11:40:06 | 000,000,220 | ---- | M] ()(C:\Users\Administrator\Desktop\Need for Speed? SHIFT.lnk) -- C:\Users\Administrator\Desktop\Need for Speed SHIFT.lnk
[2010/07/26 11:40:06 | 000,000,220 | ---- | C] ()(C:\Users\Administrator\Desktop\Need for Speed? SHIFT.lnk) -- C:\Users\Administrator\Desktop\Need for Speed SHIFT.lnk
< End of report >


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:28 AM

Posted 25 September 2010 - 04:30 PM

FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.3
FF - prefs.js..extensions.enabledItems: info@priceblink.com:1.1

Are these entries above anything to do with you?


Posted Image
m0le is a proud member of UNITE

#15 J0kes

J0kes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 25 September 2010 - 10:00 PM

Priceblink is an addon for Firefox that finds you cheaper deals when you're shopping for stuff.
I also use an addon called InvisibleHand, I assume that's associated with former entry?

Neither of these are all that useful, do you think there's a problem with them?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users