Suspected virus / malware / trojan or some other bugger


6 replies to this topic

#1 Meekook

Meekook

  • Members
  • 33 posts
  • Local time:10:22 PM

Posted 13 September 2010 - 04:28 AM

___________________

Spent two hours w/Norton support running their software scans - still occasionally getting Google notice asking if I am human. Well, that is questionable, but I was able to read their CAPTCHA two or three times, still locked out from searching and Gmail account.
Google says they are getting automated requests from my IP.

Ran both IE and Firefox, same problem on both.

Have two other laptops on same wifi system, can access Google and Gmail on both.

A couple of times, got a redirect to some porn site while using Yahoo. And once or twice other re-directs occurred to unrelated sites.

Ran Malwarebytes' Anti-Malware, twice. No malicious malware detected.

"GMER hasn't found any system modification"

Not sure this matters, but I reside in Korea. I did not visit any porn sites. I did use P2P torrents.

Any help much appreciated in advance.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Charles at 18:00:24.92 on Mon 09/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2236 [GMT 9:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wbengine.exe
C:\windows\System32\vds.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Charles\Downloads\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.6.0.32\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.6.0.32\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~4\office12\GR469A~1.DLL
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - c:\program files (x86)\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.6.0.32\coIEPlg.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ToshibaServiceStation] "c:\program files (x86)\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "c:\program files (x86)\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [Korean IME Migration] c:\progra~2\common~1\micros~1\ime12\imekr\IMKRMIG.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~4\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~4\office12\GR469A~1.DLL
IFEO: image file execution options - svchost.exe
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\partner\Partner64.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
mRun-x64: [(Default)]
mRun-x64: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent64.exe
mRun-x64: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE
IFEO-X64: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\charles\appdata\roaming\mozilla\firefox\profiles\axlh94n1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://us.mc505.mail.yahoo.com/mc/welcome?.gx=1&.tm=1283932360&.rand=duu506ei4e2bq
FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files (x86)\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1107000.00c\symds64.sys [2010-9-13 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1107000.00c\symefa64.sys [2010-9-13 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20100810.004\BHDrvx64.sys [2010-8-10 945200]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1107000.00c\cchpx64.sys [2010-9-13 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20100909.001\IDSviA64.sys [2010-9-12 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1107000.00c\ironx64.sys [2010-9-13 150064]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-11 202752]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-9-13 126392]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\norton pc checkup\engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-6-11 103792]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\norton pc checkup\engine\2.0.3.198\ccSvcHst.exe [2010-6-11 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2010-2-26 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\common files\realtime soft\ultramonmirrordrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-6-11 6403072]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-6-11 188928]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2009-2-13 292864]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-6-11 35008]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-6-16 12800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-6-11 946688]
R3 SYMTDIV;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1106000.020\symtdiv.sys [2010-9-12 451120]
R3 TMachInfo;TMachInfo;c:\program files (x86)\toshiba\toshiba service station\TMachInfo.exe [2010-6-11 51512]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2010-2-24 835952]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-8-29 135664]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x64.sys [2010-2-23 75304]
S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2010-3-24 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-11 239136]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-6 137560]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-29 1255736]

=============== Created Last 30 ================

2010-09-13 08:58:43 0 ----a-w- c:\users\charles\defogger_reenable
2010-09-12 08:13:08 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-09-12 08:13:08 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-09-12 08:13:08 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-09-12 08:13:02 0 d-----w- c:\program files\Symantec
2010-09-12 08:13:02 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-12 08:12:36 0 d-----w- c:\windows\system32\drivers\NISx64
2010-09-12 08:12:34 0 d-----w- c:\program files (x86)\Norton Internet Security
2010-09-12 06:17:31 426442752 ----a-w- C:\NBRT.iso
2010-09-12 06:11:47 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-12 06:11:47 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2010-09-12 06:11:47 107368 ----a-r- c:\windows\syswow64\GEARAspi.dll
2010-09-12 06:11:27 0 d-----w- c:\windows\system32\drivers\NBRTWizardx64
2010-09-12 06:11:27 0 d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2010-09-12 04:25:14 0 d-----w- c:\programdata\Google Updater
2010-09-12 00:43:47 0 d-----w- c:\users\charles\appdata\roaming\TS3Client
2010-09-12 00:42:31 0 d-----w- c:\program files (x86)\TeamSpeak 3 Client
2010-09-11 22:53:42 0 ----a-w- c:\users\charles\ipconfig
2010-09-11 22:02:37 0 d-----w- c:\users\charles\appdata\roaming\Malwarebytes
2010-09-11 22:02:25 0 d-----w- c:\programdata\Malwarebytes
2010-09-11 22:02:24 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 22:02:24 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-11 21:52:35 0 d-----w- C:\_OTM
2010-09-11 20:52:40 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2010-09-11 05:51:01 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-09-10 22:53:23 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-09-10 22:51:55 0 d-----r- c:\program files (x86)\Skype
2010-09-10 22:51:52 0 d-----w- c:\programdata\Skype
2010-09-10 09:14:20 0 ----a-w- c:\windows\system32\?????
2010-09-10 07:03:00 0 d-----w- c:\programdata\WinZip
2010-09-10 06:55:51 0 d-----w- c:\programdata\BitDefender
2010-09-10 06:31:32 0 d-----w- c:\users\charles\appdata\roaming\QuickScan
2010-09-10 06:31:12 541521 ----a-w- c:\programdata\bdinstall.bin
2010-09-09 22:16:34 0 d-sh--w- c:\programdata\MSUTGUZS
2010-09-09 22:16:16 0 d-sh--w- c:\programdata\5d46039
2010-09-08 20:46:47 0 d-----w- c:\users\charles\appdata\roaming\Realtime Soft
2010-09-08 20:46:44 0 d-----w- c:\programdata\Realtime Soft
2010-09-08 20:46:44 0 d-----w- c:\program files\UltraMon
2010-09-08 20:46:44 0 d-----w- c:\program files (x86)\common files\Realtime Soft
2010-09-08 09:09:44 0 d-----w- c:\program files (x86)\uTorrent
2010-09-08 09:08:49 0 d-----w- c:\users\charles\appdata\roaming\uTorrent
2010-08-28 21:51:30 0 d-----w- c:\windows\syswow64\Wat
2010-08-28 21:51:30 0 d-----w- c:\windows\system32\Wat
2010-08-28 16:44:49 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-08-28 16:44:49 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-08-28 16:44:49 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-28 16:44:49 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-08-28 16:44:49 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-28 16:44:49 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-08-28 16:44:49 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-08-28 16:44:49 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-08-28 16:44:49 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-08-28 16:44:49 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-26 16:31:29 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-08-26 16:28:14 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-08-26 16:28:14 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-08-26 16:28:14 139264 ----a-w- c:\windows\system32\cabview.dll
2010-08-26 16:28:14 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-08-24 11:57:56 0 d-----w- c:\users\charles\appdata\roaming\Tific
2010-08-24 11:32:04 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2010-08-24 11:31:44 0 d-----w- c:\users\charles\appdata\roaming\WinBatch

==================== Find3M ====================

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:01:02.63 ===============

Edited by Meekook, 13 September 2010 - 04:34 AM.



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:22 AM

Posted 19 September 2010 - 05:40 PM

Hello Meekook

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 Meekook

Meekook
  • Topic Starter

  • Members
  • 33 posts
  • Local time:10:22 PM

Posted 19 September 2010 - 06:40 PM

_______________________

kahdah, hello

Glad you are working on this, as I have tried for the last five days to remove the little bugger.

DrWeb CureIt found some infectious items, but I was not able to remove them.

I'll work on your items above and get back asap.

Thanks much.

Meekook

OTL logfile created on: 9/20/2010 8:43:12 AM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Charles\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.55 Gb Total Space | 249.11 Gb Free Space | 86.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 138.48 Gb Free Space | 59.46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHARLES-PC
Current User Name: Charles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Charles\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Charles\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\UltraMon\RTSUltraMonHookX32.dll (Realtime Soft Ltd)
MOD - C:\Program Files\UltraMon\UltraMonResButtons.dll (Realtime Soft Ltd)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe (Symantec Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100919.003\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100919.003\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100901.003\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100917.001\IDSviA64.sys (Symantec Corporation)
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...A&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://us.mc505.mail.yahoo.com/mc/welcome?.gx=1&.tm=1283932360&.rand=duu506ei4e2bq"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.8.7
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/09/15 20:52:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/09/12 17:13:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/18 13:43:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/18 13:43:36 | 000,000,000 | ---D | M]

[2010/09/08 16:41:08 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Mozilla\Extensions
[2010/09/08 16:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/20 06:47:21 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\axlh94n1.default\extensions
[2010/09/09 06:24:12 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\axlh94n1.default\extensions\foxmarks@kei.com
[2010/09/11 07:52:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/18 13:43:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/11 07:52:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/18 13:43:29 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/18 13:43:29 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/18 13:43:33 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/09/18 13:43:33 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/09/18 13:43:34 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/09/18 13:43:34 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/18 13:43:34 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/09/18 13:43:34 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/09/18 13:43:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/18 13:43:34 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/09/10 07:47:21 | 000,002,733 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 217.23.7.114 www.google.com
O1 - Hosts: 217.23.7.114 google.com
O1 - Hosts: 217.23.7.114 google.com.au
O1 - Hosts: 217.23.7.114 www.google.com.au
O1 - Hosts: 217.23.7.114 google.be
O1 - Hosts: 217.23.7.114 www.google.be
O1 - Hosts: 217.23.7.114 google.com.br
O1 - Hosts: 217.23.7.114 www.google.com.br
O1 - Hosts: 217.23.7.114 google.ca
O1 - Hosts: 217.23.7.114 www.google.ca
O1 - Hosts: 37 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Korean IME Migration] C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Korean IME Migration] C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: OneNote로 보내기 - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote로 보내기 - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 219.250.36.130 210.220.163.82
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2010/09/19 15:57:33 | 000,000,000 | ---D | C] -- C:\Users\Charles\DoctorWeb
[2010/09/19 15:30:00 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/19 15:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/19 15:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/19 15:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/18 19:22:36 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\dvdcss
[2010/09/18 17:56:00 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\IObit
[2010/09/18 17:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/09/17 19:00:31 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\vlc
[2010/09/17 19:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/09/16 17:41:36 | 000,614,400 | ---- | C] (WinMain Software (http://www.winmain.com)) -- C:\windows\SysWow64\cmax40.dll
[2010/09/16 17:41:36 | 000,471,040 | ---- | C] (VideoSoft) -- C:\windows\SysWow64\Vsflex7.ocx
[2010/09/16 17:41:36 | 000,425,984 | ---- | C] (VideoSoft) -- C:\windows\SysWow64\Vsflex7L.ocx
[2010/09/16 17:41:36 | 000,349,224 | ---- | C] (Infragistics, Inc.) -- C:\windows\SysWow64\IGThreed40.ocx
[2010/09/16 17:41:36 | 000,159,744 | ---- | C] (Desaware, Inc.) -- C:\windows\SysWow64\dwStg.dll
[2010/09/16 17:41:36 | 000,127,488 | ---- | C] (Teebo Software Solutions) -- C:\windows\SysWow64\tssTaskPane1a.ocx
[2010/09/16 17:41:36 | 000,053,248 | ---- | C] (WorkSaver Software) -- C:\windows\SysWow64\TinyDB6.ocx
[2010/09/16 17:41:35 | 001,668,096 | ---- | C] (Dmitry Streblechenko) -- C:\windows\SysWow64\Redemption.dll
[2010/09/16 17:41:35 | 001,208,320 | ---- | C] (Plasmatech Software Design) -- C:\windows\SysWow64\PTxSCP.ocx
[2010/09/16 17:41:35 | 001,121,528 | ---- | C] (Connected Software, Inc.) -- C:\windows\SysWow64\MagicCtl.dll
[2010/09/16 17:41:35 | 000,921,600 | ---- | C] (Infacta Ltd.) -- C:\windows\SysWow64\GMHTMLEditor.ocx
[2010/09/16 17:41:35 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscomct2.ocx
[2010/09/16 17:41:35 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\comctl32.ocx
[2010/09/16 17:41:35 | 000,492,768 | ---- | C] (Infragistics, Inc.) -- C:\windows\SysWow64\IGToolBars50.ocx
[2010/09/16 17:41:35 | 000,315,400 | ---- | C] (VBGold Software) -- C:\windows\SysWow64\sprinter.ocx
[2010/09/16 17:41:35 | 000,299,008 | ---- | C] (Infragistics, Inc.) -- C:\windows\SysWow64\IGTabs40.ocx
[2010/09/16 17:41:35 | 000,194,248 | ---- | C] (Infragistics, Inc.) -- C:\windows\SysWow64\IGScroll40.ocx
[2010/09/16 17:41:35 | 000,181,960 | ---- | C] (Infragistics, Inc.) -- C:\windows\SysWow64\IGSplitter40.ocx
[2010/09/16 17:41:35 | 000,169,216 | ---- | C] (Wintertree Software Inc.) -- C:\windows\SysWow64\wspell.ocx
[2010/09/16 17:41:35 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\comdlg32.ocx
[2010/09/16 17:41:35 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSINET.OCX
[2010/09/16 17:41:35 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msstkprp.dll
[2010/09/16 17:41:35 | 000,081,920 | ---- | C] (ADMINSYSTEM) -- C:\windows\SysWow64\ANSSLPLUS.dll
[2010/09/16 17:41:35 | 000,061,440 | ---- | C] (Think Technologies Inc.) -- C:\windows\SysWow64\ThinkFTPCMSUpload.ocx
[2010/09/16 17:41:34 | 001,011,712 | ---- | C] (Chilkat Software, Inc.) -- C:\windows\SysWow64\chilkatxml.dll
[2010/09/16 17:41:34 | 000,511,848 | ---- | C] (Infacta Ltd.) -- C:\windows\SysWow64\gmgrpman.dll
[2010/09/16 17:41:34 | 000,487,424 | ---- | C] (Sequiter Software Inc.) -- C:\windows\SysWow64\infCB.dll
[2010/09/16 17:41:34 | 000,364,544 | ---- | C] (AdminSystem Software Limited) -- C:\windows\SysWow64\ANPOP.dll
[2010/09/16 17:41:34 | 000,327,680 | ---- | C] (AdminSystem Software Limited) -- C:\windows\SysWow64\AOSMTP.dll
[2010/09/16 17:41:34 | 000,311,296 | ---- | C] (AdminSystem Software Limited) -- C:\windows\SysWow64\AOSMTPEX.dll
[2010/09/16 17:41:34 | 000,302,952 | ---- | C] (Infacta Ltd.) -- C:\windows\SysWow64\GMAccMan.dll
[2010/09/16 17:41:34 | 000,261,992 | ---- | C] (Infacta Ltd.) -- C:\windows\SysWow64\GMMailer.dll
[2010/09/16 17:41:34 | 000,208,896 | ---- | C] (infacta Ltd.) -- C:\windows\SysWow64\infGMUI.ocx
[2010/09/16 17:41:34 | 000,171,880 | ---- | C] (Infacta Ltd.) -- C:\windows\SysWow64\infgdbcb.dll
[2010/09/16 17:41:34 | 000,094,056 | ---- | C] (Infacta Ltd.) -- C:\windows\SysWow64\GMSigMan.dll
[2010/09/16 17:41:34 | 000,094,056 | ---- | C] (Infacta Ltd.) -- C:\windows\SysWow64\gmnamfld.dll
[2010/09/16 17:41:34 | 000,073,576 | ---- | C] (Infacta Ltd.) -- C:\windows\SysWow64\GMMesCom.dll
[2010/09/16 17:41:34 | 000,049,000 | ---- | C] (Infacta Ltd.) -- C:\windows\SysWow64\GMPaths.dll
[2010/09/16 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Infacta
[2010/09/16 17:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GroupMail 5
[2010/09/16 13:10:52 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\FileZilla
[2010/09/16 13:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/09/16 13:07:09 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Notepad++
[2010/09/16 13:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2010/09/16 06:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/09/16 05:55:37 | 000,000,000 | R--D | C] -- C:\Users\Charles\Desktop\norton
[2010/09/16 05:53:25 | 000,000,000 | ---D | C] -- C:\Users\Charles\Desktop\malware
[2010/09/15 17:56:38 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iertutil.dll
[2010/09/15 17:55:57 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2010/09/15 17:55:56 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2010/09/13 05:19:16 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys
[2010/09/13 05:19:16 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys
[2010/09/13 05:19:16 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys
[2010/09/13 05:19:16 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys
[2010/09/13 05:19:16 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys
[2010/09/13 05:19:15 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys
[2010/09/13 05:19:15 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys
[2010/09/13 05:19:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1107000.00C
[2010/09/12 17:13:08 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/09/12 17:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/09/12 17:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/09/12 17:12:36 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2010/09/12 17:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/09/12 15:11:47 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\windows\SysNative\GEARAspi64.dll
[2010/09/12 15:11:47 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\windows\SysWow64\GEARAspi.dll
[2010/09/12 15:11:47 | 000,034,152 | R--- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2010/09/12 15:11:47 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2010/09/12 15:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2010/09/12 15:11:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NBRTWizardx64
[2010/09/12 15:11:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NBRTWizardx64\0300000.042
[2010/09/12 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\NPE
[2010/09/12 13:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2010/09/12 09:43:47 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\TS3Client
[2010/09/12 09:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2010/09/12 08:08:08 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\ElevatedDiagnostics
[2010/09/12 07:02:37 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Malwarebytes
[2010/09/12 07:02:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/12 07:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/12 07:02:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2010/09/12 07:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/12 06:53:24 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\CrashDumps
[2010/09/12 06:52:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/09/12 05:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/09/11 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/09/11 14:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/09/11 14:50:05 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Microsoft Help
[2010/09/11 14:46:47 | 000,000,000 | ---D | C] -- C:\Users\Charles\Desktop\Microsoft Office 2007
[2010/09/11 07:53:23 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\skypePM
[2010/09/11 07:52:24 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Skype
[2010/09/11 07:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/09/11 07:51:55 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/09/11 07:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/09/10 16:03:52 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\WinZip
[2010/09/10 16:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/09/10 16:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/09/10 15:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010/09/10 15:31:32 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\QuickScan
[2010/09/10 07:16:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\MSUTGUZS
[2010/09/10 07:16:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\5d46039
[2010/09/10 07:15:33 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Adobe
[2010/09/09 05:46:47 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Realtime Soft
[2010/09/09 05:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\UltraMon
[2010/09/09 05:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Realtime Soft
[2010/09/09 05:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Realtime Soft
[2010/09/08 18:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/09/08 18:08:49 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\uTorrent
[2010/09/08 16:40:53 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Mozilla
[2010/09/08 16:40:53 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Mozilla
[2010/09/08 16:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/30 01:37:08 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Microsoft Games
[2010/08/29 06:51:30 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2010/08/29 06:51:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2010/08/29 01:44:49 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll
[2010/08/29 01:44:49 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll
[2010/08/29 01:44:49 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHost.exe
[2010/08/29 01:44:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHost.exe
[2010/08/29 01:44:49 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHostProxy.dll
[2010/08/29 01:44:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHostProxy.dll
[2010/08/29 01:44:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netfxperf.dll
[2010/08/29 01:44:49 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netfxperf.dll
[2010/08/29 01:44:36 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\TOSHIBA_Corporation
[2010/08/27 01:32:44 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2010/08/27 01:32:44 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\vbscript.dll
[2010/08/27 01:32:27 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2010/08/27 01:32:26 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2010/08/27 01:32:26 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2010/08/27 01:32:18 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2010/08/27 01:32:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2010/08/27 01:32:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2010/08/27 01:32:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2010/08/27 01:32:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2010/08/27 01:32:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2010/08/27 01:32:16 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rtutils.dll
[2010/08/27 01:32:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rtutils.dll
[2010/08/27 01:32:11 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\SysWow64\iccvid.dll
[2010/08/27 01:32:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2010/08/27 01:32:06 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2010/08/27 01:32:05 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2010/08/27 01:32:05 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2010/08/27 01:32:05 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2010/08/27 01:32:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2010/08/27 01:28:14 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2010/08/27 01:28:14 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wintrust.dll
[2010/08/27 01:28:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cabview.dll
[2010/08/27 01:28:14 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cabview.dll
[2010/08/24 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Tific
[2010/08/24 20:57:56 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Tific
[2010/08/24 20:57:56 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Macromedia
[2010/08/24 20:57:56 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Adobe
[2010/08/24 20:48:13 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Toshiba
[2010/08/24 20:35:40 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Diagnostics
[2010/08/24 20:34:08 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Google
[2010/08/24 20:34:08 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Google
[2010/08/24 20:33:25 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\ATI
[2010/08/24 20:33:25 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\ATI
[2010/08/24 20:32:46 | 000,000,000 | R--D | C] -- C:\Users\Charles\Searches
[2010/08/24 20:32:46 | 000,000,000 | -H-D | C] -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/08/24 20:32:34 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Identities
[2010/08/24 20:32:32 | 000,000,000 | R--D | C] -- C:\Users\Charles\Contacts
[2010/08/24 20:32:30 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\VirtualStore
[2010/08/24 20:31:44 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\WinBatch
[2010/08/24 20:31:08 | 000,000,000 | --SD | C] -- C:\Users\Charles\AppData\Roaming\Microsoft
[2010/08/24 20:31:08 | 000,000,000 | R--D | C] -- C:\Users\Charles\Videos
[2010/08/24 20:31:08 | 000,000,000 | R--D | C] -- C:\Users\Charles\Saved Games
[2010/08/24 20:31:08 | 000,000,000 | R--D | C] -- C:\Users\Charles\Pictures
[2010/08/24 20:31:08 | 000,000,000 | R--D | C] -- C:\Users\Charles\Music
[2010/08/24 20:31:08 | 000,000,000 | R--D | C] -- C:\Users\Charles\Links
[2010/08/24 20:31:08 | 000,000,000 | R--D | C] -- C:\Users\Charles\Favorites
[2010/08/24 20:31:08 | 000,000,000 | R--D | C] -- C:\Users\Charles\Downloads
[2010/08/24 20:31:08 | 000,000,000 | R--D | C] -- C:\Users\Charles\My Documents
[2010/08/24 20:31:08 | 000,000,000 | R--D | C] -- C:\Users\Charles\Desktop
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\AppData\Local\Temporary Internet Files
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\Templates
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\Start Menu
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\SendTo
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\Recent
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\PrintHood
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\NetHood
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\Documents\My Videos
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\Documents\My Pictures
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\Documents\My Music
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\My Documents
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\Local Settings
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\AppData\Local\History
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\Cookies
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\Application Data
[2010/08/24 20:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Charles\AppData\Local\Application Data
[2010/08/24 20:31:08 | 000,000,000 | -H-D | C] -- C:\Users\Charles\AppData
[2010/08/24 20:31:08 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Temp
[2010/08/24 20:31:08 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Microsoft
[2010/08/24 20:31:08 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2010/09/20 08:43:48 | 002,097,152 | -HS- | M] () -- C:\Users\Charles\NTUSER.DAT
[2010/09/20 07:49:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/20 06:18:32 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/09/20 06:18:32 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/09/20 06:18:32 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/09/20 06:17:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/09/19 19:59:17 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 19:59:17 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/19 19:54:25 | 000,000,880 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2010/09/19 19:52:16 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 19:52:16 | 000,000,398 | ---- | M] () -- C:\windows\tasks\AWC Startup.job
[2010/09/19 19:51:54 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/09/19 19:51:30 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/19 19:49:49 | 002,113,384 | -H-- | M] () -- C:\Users\Charles\AppData\Local\IconCache.db
[2010/09/19 15:29:54 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010/09/19 09:39:23 | 001,156,960 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
[2010/09/18 08:13:22 | 000,009,975 | ---- | M] () -- C:\Users\Charles\Documents\search_engine_optimization.docx
[2010/09/17 19:00:26 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/09/17 18:42:54 | 000,005,098 | ---- | M] () -- C:\Users\Charles\Desktop\keyword_ideas_20100917_1842166-01.csv
[2010/09/16 17:41:45 | 000,015,854 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\unins000.dat
[2010/09/16 17:41:37 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\GroupMail 5.lnk
[2010/09/16 17:40:55 | 000,683,801 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\unins000.exe
[2010/09/16 15:59:53 | 002,060,193 | ---- | M] () -- C:\Users\Charles\Desktop\IMG_1115.JPG
[2010/09/16 15:58:24 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/09/16 13:11:50 | 000,001,859 | ---- | M] () -- C:\Users\Charles\Desktop\FileZilla FTP Client - Shortcut.lnk
[2010/09/16 13:07:11 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/09/16 05:48:15 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/13 17:58:43 | 000,000,000 | ---- | M] () -- C:\Users\Charles\defogger_reenable
[2010/09/12 17:13:02 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/09/12 17:13:02 | 000,007,440 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/09/12 17:13:02 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/12 15:17:36 | 426,442,752 | ---- | M] () -- C:\NBRT.iso
[2010/09/12 09:42:33 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/09/12 07:55:13 | 000,000,000 | ---- | M] () -- C:\Users\Charles\ipconfig
[2010/09/11 17:54:25 | 000,483,040 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2010/09/11 16:03:05 | 000,118,184 | ---- | M] () -- C:\Users\Charles\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/11 14:50:24 | 000,000,478 | ---- | M] () -- C:\windows\win.ini
[2010/09/11 07:53:23 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/09/11 07:51:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/10 18:14:22 | 000,541,521 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2010/09/10 15:40:31 | 000,001,834 | ---- | M] () -- C:\Users\Charles\Documents\torrent_instructions.rtf
[2010/09/10 07:47:21 | 000,002,733 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2010/09/09 05:46:45 | 000,002,585 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2010/09/08 16:40:50 | 000,001,974 | ---- | M] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/08 16:40:50 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/31 14:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iertutil.dll
[2010/08/29 01:44:39 | 000,524,288 | -HS- | M] () -- C:\Users\Charles\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/08/29 01:44:39 | 000,524,288 | -HS- | M] () -- C:\Users\Charles\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/08/29 01:44:39 | 000,065,536 | -HS- | M] () -- C:\Users\Charles\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/08/24 20:34:01 | 000,001,448 | ---- | M] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/24 20:32:04 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2010/08/24 20:31:08 | 000,000,020 | -HS- | M] () -- C:\Users\Charles\ntuser.ini
[2010/08/24 20:28:29 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2010/08/24 20:28:29 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2010/09/19 15:29:54 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010/09/18 17:56:12 | 000,000,398 | ---- | C] () -- C:\windows\tasks\AWC Startup.job
[2010/09/18 08:13:21 | 000,009,975 | ---- | C] () -- C:\Users\Charles\Documents\search_engine_optimization.docx
[2010/09/17 19:00:25 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/09/17 18:42:54 | 000,005,098 | ---- | C] () -- C:\Users\Charles\Desktop\keyword_ideas_20100917_1842166-01.csv
[2010/09/16 17:41:37 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\GroupMail 5.lnk
[2010/09/16 17:41:36 | 000,000,576 | ---- | C] () -- C:\windows\SysWow64\GMHTMLEditor.ocx.manifest
[2010/09/16 17:41:35 | 000,396,288 | ---- | C] () -- C:\windows\SysWow64\o2DirSpyX.ocx
[2010/09/16 17:41:35 | 000,018,138 | ---- | C] () -- C:\windows\SysWow64\Wspelldlg.hlp
[2010/09/16 17:41:35 | 000,000,232 | ---- | C] () -- C:\windows\SysWow64\WSpellDlg.cnt
[2010/09/16 17:41:33 | 000,683,801 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\unins000.exe
[2010/09/16 17:41:33 | 000,015,854 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\unins000.dat
[2010/09/16 15:59:53 | 002,060,193 | ---- | C] () -- C:\Users\Charles\Desktop\IMG_1115.JPG
[2010/09/16 15:58:24 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/09/16 13:11:50 | 000,001,859 | ---- | C] () -- C:\Users\Charles\Desktop\FileZilla FTP Client - Shortcut.lnk
[2010/09/16 13:07:11 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/09/16 05:48:15 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/15 17:49:25 | 001,156,960 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
[2010/09/13 17:58:43 | 000,000,000 | ---- | C] () -- C:\Users\Charles\defogger_reenable
[2010/09/13 05:19:16 | 000,007,829 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symefa64.cat
[2010/09/13 05:19:16 | 000,007,787 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symnetv64.cat
[2010/09/13 05:19:16 | 000,007,414 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.cat
[2010/09/13 05:19:16 | 000,007,410 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.cat
[2010/09/13 05:19:16 | 000,007,406 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symds64.cat
[2010/09/13 05:19:16 | 000,007,368 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symnet64.cat
[2010/09/13 05:19:16 | 000,003,373 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symefa.inf
[2010/09/13 05:19:16 | 000,002,793 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symds.inf
[2010/09/13 05:19:16 | 000,001,473 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symnetv.inf
[2010/09/13 05:19:16 | 000,001,445 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\symnet.inf
[2010/09/13 05:19:16 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.inf
[2010/09/13 05:19:16 | 000,001,421 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.inf
[2010/09/13 05:19:15 | 000,007,402 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\iron.cat
[2010/09/13 05:19:15 | 000,007,358 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.cat
[2010/09/13 05:19:15 | 000,001,838 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.inf
[2010/09/13 05:19:15 | 000,000,771 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\iron.inf
[2010/09/13 05:19:02 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini
[2010/09/12 17:13:08 | 000,007,440 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/09/12 17:13:08 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/09/12 15:17:31 | 426,442,752 | ---- | C] () -- C:\NBRT.iso
[2010/09/12 15:11:27 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NBRTWizardx64\0300000.042\isolate.ini
[2010/09/12 13:25:13 | 000,000,880 | ---- | C] () -- C:\windows\tasks\Google Software Updater.job
[2010/09/12 09:42:33 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010/09/12 07:53:42 | 000,000,000 | ---- | C] () -- C:\Users\Charles\ipconfig
[2010/09/11 07:53:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/11 07:51:56 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/09/10 15:40:31 | 000,001,834 | ---- | C] () -- C:\Users\Charles\Documents\torrent_instructions.rtf
[2010/09/10 15:31:12 | 000,541,521 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/09/09 05:46:45 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2010/09/08 16:40:50 | 000,001,974 | ---- | C] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/08 16:40:50 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/29 01:44:33 | 000,000,898 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/29 01:44:32 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/24 20:34:01 | 000,001,448 | ---- | C] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/24 20:32:04 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2010/08/24 20:31:08 | 002,097,152 | -HS- | C] () -- C:\Users\Charles\NTUSER.DAT
[2010/08/24 20:31:08 | 000,524,288 | -HS- | C] () -- C:\Users\Charles\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/08/24 20:31:08 | 000,524,288 | -HS- | C] () -- C:\Users\Charles\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/08/24 20:31:08 | 000,262,144 | -HS- | C] () -- C:\Users\Charles\ntuser.dat.LOG1
[2010/08/24 20:31:08 | 000,065,536 | -HS- | C] () -- C:\Users\Charles\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/08/24 20:31:08 | 000,000,290 | ---- | C] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/24 20:31:08 | 000,000,272 | ---- | C] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/24 20:31:08 | 000,000,020 | -HS- | C] () -- C:\Users\Charles\ntuser.ini
[2010/08/24 20:31:08 | 000,000,000 | -HS- | C] () -- C:\Users\Charles\ntuser.dat.LOG2
[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/14 06:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/16 13:11:08 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\FileZilla
[2010/09/18 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\IObit
[2010/09/16 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Notepad++
[2010/09/10 15:31:32 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\QuickScan
[2010/09/12 10:26:58 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Tific
[2010/08/29 07:01:09 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Toshiba
[2010/09/12 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TS3Client
[2010/09/18 17:08:14 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\uTorrent
[2010/08/24 20:31:44 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\WinBatch
[2010/09/19 19:52:16 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2009/07/14 14:08:49 | 000,009,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/14 10:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/24 09:42:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/09/19 19:51:30 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/12 15:17:36 | 426,442,752 | ---- | M] () -- C:\NBRT.iso
[2010/09/19 19:51:36 | 4021,182,464 | -HS- | M] () -- C:\pagefile.sys
[2010/06/11 20:30:59 | 000,000,047 | ---- | M] () -- C:\Status.log

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

========== Files - Unicode (All) ==========
[2010/09/10 18:14:20 | 000,000,000 | ---- | M] ()(C:\windows\SysNative\?????) -- C:\windows\SysNative\獷楬汢捯污
[2010/09/10 18:14:20 | 000,000,000 | ---- | C] ()(C:\windows\SysNative\?????) -- C:\windows\SysNative\獷楬汢捯污
< End of report >

Edited by Meekook, 19 September 2010 - 06:49 PM.


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 19 September 2010 - 07:14 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :Commands
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

Reboot after that and see then if you still have the same symptoms.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
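The fix above replaces the HOSTS file, which the earlier log shows at 2,733 bytes with read-only, hidden and system attributes, while a stock Windows 7 copy contains only comments. As an added example, not OTL's code or anything posted in this thread, the Python below parses a hosts file and flags what a helper would want to see before resetting it: names pointed at a routable address (a redirect) and vendor or update hosts pinned to loopback (a block); the watched-domain list and the sample file are constructed.

```python
# Added example for this thread (not OTL's code): audit a Windows HOSTS file for redirect and
# sinkhole entries. A stock Windows 7 hosts file is comments only, so every active mapping counts.
import ipaddress

# Names malware commonly redirects or blocks (constructed list; extend as needed).
WATCHED = ("google.com", "google.nl", "gmail.com", "yahoo.com", "microsoft.com",
           "windowsupdate.com", "symantec.com", "norton.com", "malwarebytes.org")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_no, address, [names]) for each active line; comments are dropped."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield no, fields[0], fields[1:]


def is_watched(name):
    name = name.lower().rstrip(".")
    return any(name == w or name.endswith("." + w) for w in WATCHED)


def classify(ip, names):
    """Return (severity, reason) for one entry, or None for a plain localhost line."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "high", "address field is not an IP"
    watched = any(is_watched(n) for n in names)
    if not (addr.is_loopback or addr.is_unspecified):   # not 127.x / ::1 / 0.0.0.0
        # A routable address is a redirect: the browser goes wherever the file says.
        return ("high" if watched else "medium"), "redirect to non-local address"
    if watched:
        # Sinkholing a vendor or update host silently blocks it.
        return "medium", "watched host sinkholed"
    if {n.lower() for n in names} <= LOCAL_NAMES:
        return None                                      # e.g. "127.0.0.1 localhost"
    return "low", "sinkholed host (ad-block style, usually benign)"


def audit_hosts(text):
    """Return a list of {line, severity, ip, names, reason} findings."""
    findings = []
    for no, ip, names in parse_hosts(text):
        verdict = classify(ip, names)
        if verdict:
            findings.append({"line": no, "severity": verdict[0], "ip": ip,
                             "names": names, "reason": verdict[1]})
    return findings


# Constructed sample; 203.0.113.0/24 is the TEST-NET-3 documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # search redirected
203.0.113.10    mail.google.com
127.0.0.1       liveupdate.symantec.com
0.0.0.0         ads.example.net
"""

if __name__ == "__main__":
    print(*audit_hosts(SAMPLE_HOSTS), sep="\n")
```

On a real machine, read the file the log lists (System32\drivers\etc\hosts) and pass its contents to audit_hosts.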

#5 Meekook

Meekook
  • Topic Starter

  • Members
  • 33 posts

Posted 19 September 2010 - 08:19 PM

Before I reboot:

========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.0 log created on 09202010_101814

#6 Meekook

Meekook
  • Topic Starter

  • Members
  • 33 posts

Posted 20 September 2010 - 05:37 AM

_______________________

kahdah, that seems to have taken care of the problem. I can use Google now w/o a redirect to Nederland Google and then elsewhere. I can access Gmail and my blog.

A gigabyte of thanks.

Meekook

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 20 September 2010 - 06:09 AM

You are welcome

=====Cleanup======
  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.
===============Update Java===============

For your computer, get the x64 version of Java.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)", then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
======================Clear out infected System Restore points======================
Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete/uninstall anything else that we have used that is leftover.


After that you're all set.


===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article: some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

"How did I get infected in the first place?": also read this one, by Tony Klein.

If your computer is slow: a tutorial on what you can do if your computer is slow.

File sharing program dangers: reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, eMule, uTorrent etc.



===Free antimalware tools used for on-demand scanning and cleaning (no real-time protection unless purchased)===

Malwarebytes Antimalware
superantispyware

===Free antivirus links===

This is antivirus and antispyware.
Microsoft Security Essentials
This is free antispyware protection and Antivirus protection.
AVG free 9.0
This is just antivirus protection.
Antivir
This is antivirus and antispyware protection.
Avast



Edited by kahdah, 20 September 2010 - 06:10 AM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



