
Cannot remove DAODx.exe and A0001005.exe files


  • This topic is locked
7 replies to this topic

#1 sh4rkbyt3


  • Members
  • 419 posts
  • Gender:Male

Posted 20 September 2010 - 08:27 PM

Earlier I found two files I was unable to remove from my system: one was DAODx.exe and the other was allegedly quarantined by Dr. Web (A0001005.exe). I have run the DDS program as per the instructions I was given, but I was unable to run GMER. GMER said that another program was using my C:\Windows\System32 program; earlier the message was "C:\Windows\System32\config\system: The system cannot find the file specified", and only 3 of the boxes were marked in GMER (services, registry, files). I am using Windows 7 Ultimate 64-bit, if that matters.

Here is the DDS.txt copy file:

DDS (Ver_10-03-17.01) - NTFSX64
Run by Virus at 21:07:19.58 on Mon 09/20/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8190.6152 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Apricorn\SMART-ER\SMART-ER Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
C:\Windows\system32\AMBSpiE.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\DrWeb\spiderml.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DrWeb\spideragent.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Virus\AppData\Local\Temp\Temp2_FAH6.30-win32-SMP.zip\Folding@home-Win32-x86.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\FahCore_78.exe
C:\Program Files (x86)\Folding@home\Folding@home-x86\Folding@home.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cox\PowerDVDCox10.exe
C:\Program Files (x86)\Glary Utilities\memdefrag.exe
C:\Users\Virus\AppData\Roaming\Folding@home-x86\FahCore_78.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Virus\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office12\GR469A~1.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files (x86)\wot\WOT.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files (x86)\wot\WOT.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"
mRun: [VolPanel] "c:\program files (x86)\creative\sb x-fi mb\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [NUSB3MON] "c:\program files (x86)\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [Six Engine] "c:\program files (x86)\asus\epu\EPU.exe" -b
mRun: [TurboV EVO] "c:\program files\asus\turbov evo\TurboV_EVO.exe" -b
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [SpIDerMail] "c:\program files (x86)\drweb\spiderml.exe" -autorun
mRun: [SpIDerAgent] "c:\program files (x86)\drweb\SpIDerAgent.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [BCU] "c:\program files (x86)\devicevm\browser configuration utility\BCU.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Scan link by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
LSP: c:\program files (x86)\drweb\drwebsp.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~1\office12\GRA32A~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files (x86)\wot\WOT.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office12\GR469A~1.DLL
TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\virus\appdata\roaming\mozilla\firefox\profiles\lvq9uice.default\
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2010-9-16 159224]
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2010-9-16 103416]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/09 15:43:33];c:\program files (x86)\cyberlink\powerdvd10\navfilter\000.fcl [2010-6-28 146928]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\emsisoft anti-malware\a2service.exe [2010-9-10 1935656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-9-16 203264]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-9-9 96896]
R2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\devicevm\browser configuration utility\BCUService.exe [2009-10-26 223464]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files (x86)\common files\doctor web\scanning engine\dwengine.exe [2010-6-21 1628504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-9-9 1153368]
R2 SMART-ERService;SMART-ER Service;c:\program files (x86)\apricorn\smart-er\SMART-ER Service.exe [2007-6-4 69632]
R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-9-19 1956136]
R3 a2acc;a2acc;c:\program files (x86)\emsisoft anti-malware\a2accx64.sys [2010-9-10 82696]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-9-16 7767040]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-9-16 279040]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools64.sys [2010-9-10 47160]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-7-15 116240]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\drivers\LGPBTDD.sys [2009-7-1 30728]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28ux.sys [2009-8-5 987648]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-8-14 24064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-9-9 1301504]
R3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [2010-9-9 25600]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2010-3-17 401696]
S3 AODDriver;AODDriver;c:\program files (x86)\amd\overdrive\amd64\AODDriver.sys [2009-10-22 21048]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2010-9-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-9-9 79360]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys [2010-8-12 16928]
S3 LGDDCDevice;LGDDCDevice;c:\program files (x86)\lg soft india\fortemanager\bin\I2CDriver.sys [2010-9-9 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files (x86)\lg soft india\fortemanager\bin\PII2CDriver.sys [2010-9-9 18432]
S4 AODService;AODService;c:\program files (x86)\amd\overdrive\AODAssist.exe [2009-10-22 136544]

=============== Created Last 30 ================

2010-09-20 08:33:41 16636416 ----a-w- c:\windows\syswow64\FahCore_b4.exe
2010-09-19 21:34:08 2338816 ----a-w- c:\windows\syswow64\FahCore_78.exe
2010-09-19 21:34:02 7168 ----a-w- c:\windows\syswow64\queue.dat
2010-09-19 21:34:02 0 d-----w- c:\windows\syswow64\work
2010-09-19 21:34:01 5350 ----a-w- c:\windows\syswow64\MyFolding.html
2010-09-19 21:33:23 150 ----a-w- c:\windows\syswow64\client.cfg
2010-09-19 21:28:54 257562 ----a-w- c:\users\virus\FAH6.30-win32-SMP.zip
2010-09-19 16:31:41 0 d-----w- c:\users\virus\appdata\roaming\TeamViewer
2010-09-19 16:31:36 0 d-----w- c:\program files (x86)\TeamViewer
2010-09-17 04:01:31 0 d-----w- c:\windows\PCHEALTH
2010-09-17 04:00:14 0 d-----w- c:\program files\Microsoft Office
2010-09-17 04:00:10 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-09-17 03:59:10 0 d-----w- c:\programdata\Microsoft Help
2010-09-16 20:12:58 70992 ----a-w- c:\windows\syswow64\XAPOFX1_2.dll
2010-09-16 20:12:58 514384 ------w- c:\windows\syswow64\XAudio2_3.dll
2010-09-16 20:12:58 4379984 ----a-w- c:\windows\syswow64\D3DX9_40.dll
2010-09-16 20:12:57 68616 ----a-w- c:\windows\syswow64\XAPOFX1_1.dll
2010-09-16 20:12:57 509448 ----a-w- c:\windows\syswow64\XAudio2_2.dll
2010-09-16 20:12:57 23376 ----a-w- c:\windows\syswow64\X3DAudio1_5.dll
2010-09-16 20:12:56 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2010-09-16 20:12:55 25608 ----a-w- c:\windows\syswow64\X3DAudio1_4.dll
2010-09-16 20:12:54 81768 ----a-w- c:\windows\syswow64\xinput1_3.dll
2010-09-16 15:53:29 0 d-----w- c:\programdata\ATI
2010-09-16 15:51:00 4375552 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-09-16 15:51:00 338432 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-16 15:51:00 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-09-16 07:36:05 159224 ----a-w- c:\windows\system32\drivers\dwprot.sys
2010-09-16 07:36:04 103416 ----a-w- c:\windows\system32\drivers\spiderg3.sys
2010-09-16 07:35:58 0 d-----w- c:\programdata\Doctor Web
2010-09-16 07:35:58 0 d-----w- c:\program files (x86)\DrWeb
2010-09-16 07:35:58 0 d-----w- c:\program files (x86)\common files\Doctor Web
2010-09-15 18:05:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-15 17:58:45 0 d-----w- c:\program files (x86)\FileASSASSIN
2010-09-15 17:24:15 0 d-----w- c:\windows\pss
2010-09-15 17:05:42 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-15 17:05:40 0 d-----w- c:\programdata\!SASCORE
2010-09-15 16:44:36 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-15 16:39:21 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-15 16:39:19 0 d-----w- c:\programdata\Lavasoft
2010-09-15 16:39:19 0 d-----w- c:\program files (x86)\Lavasoft
2010-09-15 16:07:37 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 19:30:11 0 d-----w- c:\programdata\Apricorn
2010-09-14 19:30:08 0 d-----w- c:\program files (x86)\Apricorn
2010-09-13 00:21:47 7062 ----a-w- c:\windows\syswow64\audiopid.vxd
2010-09-13 00:09:41 647872 ------w- c:\windows\syswow64\Mscomct2.ocx
2010-09-13 00:09:41 53248 ------w- c:\windows\Ctregrun.exe
2010-09-13 00:09:04 0 d-----w- c:\programdata\Creative Labs
2010-09-13 00:07:50 0 d-----w- c:\program files\Creative
2010-09-13 00:07:31 0 d-----w- c:\program files (x86)\common files\Creative
2010-09-13 00:07:29 0 d--h--w- c:\program files (x86)\Creative Installation Information
2010-09-12 23:52:59 0 d-----w- c:\programdata\Creative
2010-09-12 18:53:22 0 d-----w- c:\users\virus\appdata\roaming\Foxit Software
2010-09-12 18:52:58 0 d-----w- c:\program files (x86)\Foxit Software
2010-09-12 00:54:52 0 d-----w- c:\program files (x86)\WOT
2010-09-11 22:55:12 0 d-----w- c:\users\virus\DoctorWeb
2010-09-10 13:27:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-09-10 12:46:05 0 d-----w- c:\users\virus\appdata\roaming\GlarySoft
2010-09-10 12:44:02 0 d-----w- c:\program files (x86)\Glary Utilities
2010-09-10 12:11:26 47160 ----a-w- c:\windows\system32\drivers\AmdTools64.sys
2010-09-10 12:11:25 0 d-----w- c:\program files (x86)\AMD GPU Clock Tool
2010-09-10 11:52:30 0 ----a-w- c:\windows\syswow64\config.nt
2010-09-10 11:50:31 38848 ----a-w- c:\windows\avastSS.scr
2010-09-10 11:50:31 167592 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-09-10 11:50:29 0 d-----w- c:\programdata\Alwil Software
2010-09-10 11:50:29 0 d-----w- c:\program files\Alwil Software
2010-09-10 10:59:24 0 d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2010-09-09 23:42:12 26624 ----a-r- c:\windows\syswow64\LGDispDrv.dll
2010-09-09 23:42:12 147456 ----a-r- c:\windows\syswow64\LgExport.dll
2010-09-09 23:42:12 0 d-----w- c:\programdata\InstallShield
2010-09-09 23:42:06 61440 ----a-w- c:\windows\syswow64\ISUSPM.cpl
2010-09-09 23:42:06 0 d-----w- c:\program files (x86)\LG Soft India
2010-09-09 23:11:51 15872 ----a-w- c:\windows\AsTaskSched.dll
2010-09-09 23:10:58 0 d-----w- c:\program files (x86)\AMD
2010-09-09 22:50:06 0 d--h--w- c:\program files (x86)\DeviceVM
2010-09-09 22:49:35 0 d-----w- c:\programdata\ASUS OC Profiles
2010-09-09 22:47:10 0 d-----w- c:\program files\ASUS
2010-09-09 22:45:09 0 d-----w- c:\windows\Panther
2010-09-09 22:44:12 0 d-----w- c:\windows\AsusInstAll
2010-09-09 22:43:46 670 ----a-w- c:\windows\setup.iss
2010-09-09 22:43:18 0 d-----w- c:\program files (x86)\NEC Electronics
2010-09-09 22:38:53 0 d-----w- c:\program files (x86)\Marvell
2010-09-09 22:37:03 315904 ----a-w- c:\windows\syswow64\Difx23e7.rra
2010-09-09 22:37:03 0 d-----w- C:\RaidTool
2010-09-09 22:35:42 0 d-----w- c:\program files (x86)\common files\Creative Labs Shared
2010-09-09 22:35:08 0 d-----w- c:\program files (x86)\Creative
2010-09-09 22:34:43 980480 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2010-09-09 22:34:27 0 d-----w- c:\program files (x86)\VIA
2010-09-09 22:32:26 24576 ----a-r- c:\windows\syswow64\AsIO.dll
2010-09-09 22:31:49 0 d-----w- c:\program files (x86)\ASUS
2010-09-09 22:30:44 1769 ----a-w- c:\windows\Language_trs.ini
2010-09-09 22:30:34 33292 ----a-w- c:\windows\Ascd_tmp.ini
2010-09-09 20:36:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2010-09-09 20:36:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2010-09-09 20:33:55 0 d-----w- c:\programdata\Logitech
2010-09-09 20:33:54 0 d-----w- c:\program files\Logitech
2010-09-09 20:13:16 0 d-----w- c:\program files (x86)\Steam
2010-09-09 20:13:16 0 d-----w- c:\program files (x86)\common files\Steam
2010-09-09 20:04:16 0 d-----w- c:\program files (x86)\common files\ATI Technologies
2010-09-09 20:04:13 0 d-----w- c:\program files (x86)\ATI
2010-09-09 20:02:23 0 d-----w- C:\ATI
2010-09-09 19:56:03 0 d-----w- c:\program files\common files\ATI Technologies
2010-09-09 19:55:43 0 d-----w- c:\program files (x86)\ATI Technologies
2010-09-09 19:55:21 0 d-----w- c:\program files\ATI Technologies
2010-09-09 19:55:18 0 d-----w- c:\program files\ATI
2010-09-09 19:54:25 0 d-----w- c:\program files (x86)\Diamond Multimedia Drivers
2010-09-09 19:50:27 0 d-----w- c:\users\virus\appdata\roaming\Folding@home-x86
2010-09-09 19:50:27 0 d-----w- c:\program files (x86)\Folding@home
2010-09-09 19:43:34 0 d-----w- c:\programdata\CyberLink
2010-09-09 19:43:23 0 d-----w- c:\program files (x86)\common files\CyberLink
2010-09-09 19:42:02 505128 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-09-09 19:42:02 353576 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-09-09 19:42:02 29480 ----a-w- c:\windows\syswow64\msxml3a.dll
2010-09-09 19:41:54 0 d-----w- c:\programdata\Temp
2010-09-09 19:34:11 0 d-----w- c:\windows\syswow64\Macromed
2010-09-09 19:31:32 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-09 19:29:09 0 d-----w- c:\program files (x86)\VS Revo Group
2010-09-09 19:26:20 0 d-----w- c:\program files\Defraggler
2010-09-09 19:23:10 0 d-----w- c:\program files (x86)\CCleaner
2010-09-09 19:17:53 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-09 19:17:53 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-09-09 19:16:32 0 d-----w- c:\users\virus\appdata\roaming\Malwarebytes
2010-09-09 19:16:27 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-09 19:16:27 0 d-----w- c:\programdata\Malwarebytes
2010-09-09 19:16:27 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-09 19:10:44 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-09 19:08:20 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-09-09 19:06:43 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-09-09 19:06:43 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-09-09 19:04:36 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-09-09 19:04:36 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-09-09 19:04:36 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-09 19:04:36 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-09-09 19:04:36 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-09 19:04:36 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-09-09 19:04:36 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-09-09 19:04:36 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-09-09 19:04:36 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-09-09 19:04:36 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-09 19:01:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-09-09 18:55:03 0 d-----w- c:\program files (x86)\Belkin
2010-09-09 18:54:45 0 d-sh--w- c:\windows\Installer
2010-09-09 18:54:44 0 d-----w- c:\windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
2010-09-09 18:54:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-09-09 18:50:57 0 d-sh--w- C:\Recovery

==================== Find3M ====================

2010-09-16 15:51:03 5425664 ----a-w- c:\windows\system32\aticaldd64.dll
2010-09-16 15:51:02 57344 ----a-w- c:\windows\system32\coinst.dll
2010-09-16 15:51:02 4602880 ----a-w- c:\windows\system32\atidxx64.dll
2010-09-16 15:51:00 3914240 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-09-09 22:36:38 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-09 22:36:38 444952 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-09-09 22:36:38 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-09 22:36:38 109080 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:08:04.10 ===============


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:59 PM

Posted 27 September 2010 - 08:17 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 419 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 PM

Posted 27 September 2010 - 07:31 PM

Hi Elise, first off thank you so much for your help. The original drive that was posted was wiped because I had some important personal information that was on it, but my backup drive is displaying similar problems. I had no other choice but to wipe the originally posted drive because of the time factor and the information that was involved. I am now posting the results of the backup drive. This is the drive I will be working from and I will not change it or add anything to it per your request and advice.
The RKUnhooker program was downloaded to my desktop and when I tried to run it, it displayed the following error message: "Error loading driver, NTSTATUS code:0xC000036B".

I was however successful running the OTL program and I will attach the files here.

OTL logfile created on: 9/27/2010 8:13:40 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\v\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 79.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 889.60 Gb Free Space | 95.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: V-PC
Current User Name: v
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/27 20:13:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\v\Desktop\OTL.exe
PRC - [2010/08/31 08:09:49 | 001,545,456 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files (x86)\DrWeb\spiderml.exe
PRC - [2010/07/29 13:26:38 | 001,251,056 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files (x86)\DrWeb\spideragent.exe
PRC - [2010/06/28 22:50:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/06/21 16:50:18 | 001,628,504 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2010/06/17 18:12:46 | 001,566,016 | ---- | M] () -- C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe
PRC - [2010/03/25 14:25:20 | 001,108,608 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/03/25 14:25:16 | 009,993,344 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/03/16 18:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/12/28 09:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/11/02 20:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/07/07 13:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009/04/24 17:01:24 | 001,683,456 | ---- | M] () -- C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
PRC - [2009/03/30 10:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/22 23:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2004/04/13 06:07:18 | 000,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/09/27 20:13:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\v\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/03 21:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/26 23:53:16 | 003,323,912 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files (x86)\DrWeb\frwl_svc.exe -- (DrWebFwSvc)
SRV - [2010/09/06 22:19:04 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/09/05 22:10:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/09/05 22:10:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/21 16:50:18 | 001,628,504 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine) Dr.Web Scanning Engine (DrWebEngine)
SRV - [2009/12/28 09:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/02/22 23:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/26 23:53:16 | 000,122,872 | ---- | M] (Doctor Web) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\drwebaf.sys -- (DRWEBAF)
DRV:64bit: - [2010/09/26 23:53:16 | 000,102,904 | ---- | M] (Doctor Web) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DrWebPF.sys -- (DrWebPF)
DRV:64bit: - [2010/08/03 22:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/03 22:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/03 21:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/26 16:54:10 | 000,159,224 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)
DRV:64bit: - [2010/07/19 13:41:54 | 000,103,416 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\spiderg3.sys -- (SpiderG3)
DRV:64bit: - [2010/07/15 08:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/03/17 06:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/03/02 07:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/29 04:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/09/30 06:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/30 23:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/14 06:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2010/06/28 22:50:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/09/06 22:43:06] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/04/24 16:03:10 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2009/04/24 16:03:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 8A 14 8A 57 4D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/09/06 20:53:57 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2010/09/26 22:49:12 | 000,419,497 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14473 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\system32\AmbRunE.DLL File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dr.Web Firewall] C:\Program Files (x86)\DrWeb\frwl_notify.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files (x86)\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [SpIDerMail] C:\Program Files (x86)\DrWeb\spiderml.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\v\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZvRemote.lnk = C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\DrWeb\drwebsp.dll (Doctor Web, Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{38892043-b95d-11df-9c4f-806e6f6e6963}\Shell\Option1\Command - "" = D:\HBCD\Wintools\Autorun.exe -- File not found
O33 - MountPoints2\{84e0f4e9-fef4-11d5-ae05-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{84e0f4e9-fef4-11d5-ae05-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/27 20:13:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\v\Desktop\OTL.exe
[2010/09/27 20:10:10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\v\Desktop\HJTInstall.exe
[2010/09/26 23:55:37 | 000,000,000 | ---D | C] -- C:\Users\v\DoctorWeb
[2010/09/26 23:55:36 | 000,159,224 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\dwprot.sys
[2010/09/26 23:55:34 | 000,103,416 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\spiderg3.sys
[2010/09/26 23:55:17 | 000,102,904 | ---- | C] (Doctor Web) -- C:\Windows\SysNative\drivers\DrWebPF.sys
[2010/09/26 23:55:16 | 000,122,872 | ---- | C] (Doctor Web) -- C:\Windows\SysNative\drivers\drwebaf.sys
[2010/09/26 23:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DrWeb
[2010/09/26 23:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2010/09/26 23:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Doctor Web
[2010/09/26 23:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/09/26 22:41:07 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/08 13:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/08 13:20:15 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/08 13:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/08 13:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/08 11:55:37 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\GlarySoft
[2010/09/08 11:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2010/09/08 10:33:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/07 23:55:26 | 000,000,000 | ---D | C] -- C:\Users\v\Documents\NeroVision
[2010/09/07 23:50:08 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Ahead
[2010/09/07 23:47:38 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\Ahead
[2010/09/07 23:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead
[2010/09/07 23:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/09/07 23:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/09/07 23:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2010/09/07 22:33:53 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\WinRAR
[2010/09/07 22:02:13 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\TeamViewer
[2010/09/07 22:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010/09/07 21:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/09/07 21:50:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/09/07 21:46:19 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Apple
[2010/09/07 21:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/09/06 22:44:49 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Cyberlink
[2010/09/06 22:44:04 | 000,000,000 | ---D | C] -- C:\Users\v\Documents\CyberLink
[2010/09/06 22:44:04 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\CyberLink
[2010/09/06 22:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/09/06 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2010/09/06 22:41:39 | 000,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/09/06 22:41:39 | 000,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/09/06 22:41:39 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/09/06 22:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010/09/06 22:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/09/06 22:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/09/06 22:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/09/06 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\ZeeVee
[2010/09/06 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\ZeeVee
[2010/09/06 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\Mozilla
[2010/09/06 20:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZeeVee
[2010/09/06 20:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOT
[2010/09/06 20:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/09/06 20:21:03 | 000,147,456 | R--- | C] (LG Soft India) -- C:\Windows\SysWow64\LgExport.dll
[2010/09/06 20:21:03 | 000,026,624 | R--- | C] (LG Soft India) -- C:\Windows\SysWow64\LGDispDrv.dll
[2010/09/06 20:20:58 | 000,061,440 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\SysWow64\ISUSPM.cpl
[2010/09/06 20:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Soft India
[2010/09/06 12:12:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATITool
[2010/09/06 11:40:01 | 000,000,000 | ---D | C] -- C:\Users\v\Desktop\ProbeII_V10488_XpVistaWin7
[2010/09/06 11:30:47 | 000,021,480 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys
[2010/09/06 11:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/09/06 10:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010/09/06 10:38:35 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\Foxit Software
[2010/09/06 10:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010/09/06 02:30:32 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/09/06 02:30:32 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/09/06 02:30:32 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/09/06 02:30:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/09/06 02:30:32 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/09/06 02:30:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/09/06 02:30:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/09/06 02:30:32 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/09/06 02:24:22 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/09/06 02:24:22 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/09/06 02:24:21 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/09/06 02:24:21 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/09/06 02:24:19 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/09/06 02:24:19 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/09/06 02:11:09 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/06 02:11:09 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/06 02:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/06 02:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/05 23:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/09/05 23:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010/09/05 23:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/09/05 23:27:06 | 000,000,000 | ---D | C] -- C:\ATI
[2010/09/05 23:27:00 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\Folding@home-x86
[2010/09/05 23:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Folding@home
[2010/09/05 23:11:50 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\Malwarebytes
[2010/09/05 23:11:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/05 23:11:45 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/05 23:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/05 23:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/05 23:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/05 23:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/09/05 22:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/09/05 22:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/09/05 22:23:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DeviceVM
[2010/09/05 22:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2010/09/05 22:23:03 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\Macromedia
[2010/09/05 22:23:02 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\Adobe
[2010/09/05 22:21:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/09/05 22:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2010/09/05 22:18:42 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
[2010/09/05 22:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2010/09/05 22:17:22 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Downloaded Installations
[2010/09/05 22:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2010/09/05 22:11:17 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Difx3543.rra
[2010/09/05 22:11:17 | 000,000,000 | ---D | C] -- C:\RaidTool
[2010/09/05 22:11:13 | 000,115,824 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\SysNative\drivers\jraid.sys
[2010/09/05 22:11:11 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2010/09/05 22:10:56 | 000,260,608 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\AMBSpiE.exe
[2010/09/05 22:10:56 | 000,135,680 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\cfgChain.exe
[2010/09/05 22:10:56 | 000,110,080 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysNative\cttele64.dll
[2010/09/05 22:10:56 | 000,102,400 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\cttele32.dll
[2010/09/05 22:10:56 | 000,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\Updreg.EXE
[2010/09/05 22:10:56 | 000,017,920 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\AmbRunE.dll
[2010/09/05 22:10:56 | 000,008,704 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\ResDefE.exe
[2010/09/05 22:10:52 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/05 22:10:52 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/05 22:10:52 | 000,122,904 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/09/05 22:10:52 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/09/05 22:10:50 | 002,873,823 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2010/09/05 22:10:50 | 001,910,272 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2010/09/05 22:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2010/09/05 22:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/09/05 22:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2010/09/05 22:08:49 | 001,301,504 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2010/09/05 22:08:49 | 000,980,480 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2010/09/05 22:08:49 | 000,853,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO64.DLL
[2010/09/05 22:08:49 | 000,722,944 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO32.DLL
[2010/09/05 22:08:49 | 000,534,528 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2010/09/05 22:08:49 | 000,242,176 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2010/09/05 22:08:49 | 000,193,024 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2010/09/05 22:08:49 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2010/09/05 22:08:49 | 000,084,992 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2010/09/05 22:08:49 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2010/09/05 22:08:49 | 000,076,288 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2010/09/05 22:08:49 | 000,072,704 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMWRP64.DLL
[2010/09/05 22:08:49 | 000,057,856 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPLD64.DLL
[2010/09/05 22:08:49 | 000,053,760 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPCN64.DLL
[2010/09/05 22:08:49 | 000,025,600 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\VMfilt64.sys
[2010/09/05 22:08:34 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2010/09/05 22:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2010/09/05 22:07:08 | 000,000,000 | ---D | C] -- C:\Windows\AsDmiHtm
[2010/09/05 22:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2010/09/05 22:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/09/05 21:51:37 | 000,000,000 | ---D | C] -- C:\Users\v\Documents\3DMark05_v130_1901[1]
[2010/09/05 20:36:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2010/09/05 20:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2010/09/05 20:35:52 | 000,000,000 | ---D | C] -- C:\Users\v\Documents\3DMark03_v360_1901[1]
[2010/09/05 20:21:32 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/09/05 20:21:32 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/09/05 20:21:31 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/09/05 20:21:31 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/09/05 20:21:31 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/09/05 20:21:30 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/09/05 20:21:23 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/09/05 20:21:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/09/05 20:21:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/09/05 20:21:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/09/05 20:21:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/09/05 20:21:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/09/05 20:21:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/09/05 20:20:58 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/09/05 20:20:58 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/09/05 20:20:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/09/05 20:20:58 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/09/05 20:20:53 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/09/05 20:20:53 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/09/05 20:20:41 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/09/05 20:20:41 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/09/05 20:20:41 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/09/05 20:20:41 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/09/05 20:20:41 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/09/05 20:20:41 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/09/05 20:20:41 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/09/05 20:20:41 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/09/05 20:20:41 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/09/05 20:20:41 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/09/05 20:20:41 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/09/05 20:20:41 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/09/05 20:20:40 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/09/05 20:20:40 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/09/05 20:20:40 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/09/05 20:20:40 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/09/05 20:20:40 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/09/05 20:20:40 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/09/05 20:20:40 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/09/05 20:20:40 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/09/05 20:20:40 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/09/05 20:20:40 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/09/05 20:20:40 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/09/05 20:20:40 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/09/05 20:20:40 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/09/05 20:20:40 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/09/05 20:20:40 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/09/05 20:20:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/09/05 20:20:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/09/05 20:20:39 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/09/05 20:20:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/09/05 20:20:39 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/09/05 20:20:39 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/09/05 20:20:39 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/09/05 20:20:39 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/09/05 20:20:39 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/09/05 20:20:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/09/05 20:20:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/09/05 20:20:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/09/05 20:20:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/09/05 20:20:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/09/05 20:20:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/09/05 20:20:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/09/05 20:20:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/09/05 20:20:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/09/05 20:20:31 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/09/05 20:20:31 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/09/05 20:20:31 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/09/05 20:08:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/09/05 20:08:27 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/09/05 20:08:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/09/05 20:08:27 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/09/05 20:05:00 | 000,000,000 | R--D | C] -- C:\Users\v\Searches
[2010/09/05 20:05:00 | 000,000,000 | -H-D | C] -- C:\Users\v\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/09/05 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\Identities
[2010/09/05 20:04:51 | 000,000,000 | R--D | C] -- C:\Users\v\Contacts
[2010/09/05 20:04:49 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\VirtualStore
[2010/09/05 20:03:35 | 000,000,000 | --SD | C] -- C:\Users\v\AppData\Roaming\Microsoft
[2010/09/05 20:03:35 | 000,000,000 | R--D | C] -- C:\Users\v\Videos
[2010/09/05 20:03:35 | 000,000,000 | R--D | C] -- C:\Users\v\Saved Games
[2010/09/05 20:03:35 | 000,000,000 | R--D | C] -- C:\Users\v\Pictures
[2010/09/05 20:03:35 | 000,000,000 | R--D | C] -- C:\Users\v\Music
[2010/09/05 20:03:35 | 000,000,000 | R--D | C] -- C:\Users\v\Links
[2010/09/05 20:03:35 | 000,000,000 | R--D | C] -- C:\Users\v\Favorites
[2010/09/05 20:03:35 | 000,000,000 | R--D | C] -- C:\Users\v\Downloads
[2010/09/05 20:03:35 | 000,000,000 | R--D | C] -- C:\Users\v\My Documents
[2010/09/05 20:03:35 | 000,000,000 | R--D | C] -- C:\Users\v\Desktop
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\AppData\Local\Temporary Internet Files
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\Templates
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\Start Menu
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\SendTo
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\Recent
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\PrintHood
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\NetHood
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\Documents\My Videos
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\Documents\My Pictures
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\Documents\My Music
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\My Documents
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\Local Settings
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\AppData\Local\History
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\Cookies
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\Application Data
[2010/09/05 20:03:35 | 000,000,000 | -HSD | C] -- C:\Users\v\AppData\Local\Application Data
[2010/09/05 20:03:35 | 000,000,000 | -H-D | C] -- C:\Users\v\AppData
[2010/09/05 20:03:35 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Temp
[2010/09/05 20:03:35 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Microsoft
[2010/09/05 20:03:35 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\Media Center Programs
[2010/09/05 20:03:25 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/09/05 20:03:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/09/05 19:56:00 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/05 19:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2010/09/05 19:55:34 | 000,000,000 | ---D | C] -- C:\Windows\{0D59735E-1DA7-4E6D-B1CC-44A4F59FD0FD}
[2010/09/05 19:24:09 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Roaming\ATI
[2010/09/05 19:24:09 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\ATI
[2010/09/05 19:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/09/05 19:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/09/05 19:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/09/05 19:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/09/05 19:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diamond Multimedia Drivers
[2010/09/05 19:18:29 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/09/05 19:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/27 20:13:54 | 005,242,880 | -HS- | M] () -- C:\Users\v\ntuser.dat
[2010/09/27 20:13:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\v\Desktop\OTL.exe
[2010/09/27 20:10:29 | 000,002,093 | ---- | M] () -- C:\Users\v\Desktop\HijackThis.lnk
[2010/09/27 20:10:12 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\v\Desktop\HJTInstall.exe
[2010/09/27 20:04:35 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 20:04:35 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 20:03:52 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/27 20:03:52 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/27 20:03:52 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/27 19:59:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/27 19:59:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/27 19:59:23 | 2146,045,951 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/27 19:58:31 | 001,491,289 | -H-- | M] () -- C:\Users\v\AppData\Local\IconCache.db
[2010/09/27 19:57:20 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Dr.Web Update.job
[2010/09/27 00:01:36 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Dr.Web Daily scan.job
[2010/09/26 23:55:10 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Dr.Web Scanner.lnk
[2010/09/26 23:53:16 | 000,122,872 | ---- | M] (Doctor Web) -- C:\Windows\SysNative\drivers\drwebaf.sys
[2010/09/26 23:53:16 | 000,102,904 | ---- | M] (Doctor Web) -- C:\Windows\SysNative\drivers\DrWebPF.sys
[2010/09/26 23:49:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/09/26 22:49:12 | 000,419,497 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/26 22:30:03 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2010/09/08 13:48:41 | 000,524,288 | -HS- | M] () -- C:\Users\v\ntuser.dat{25ec5ab2-bb6d-11df-81ea-20cf301f0269}.TMContainer00000000000000000002.regtrans-ms
[2010/09/08 13:48:41 | 000,524,288 | -HS- | M] () -- C:\Users\v\ntuser.dat{25ec5ab2-bb6d-11df-81ea-20cf301f0269}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 13:48:41 | 000,065,536 | -HS- | M] () -- C:\Users\v\ntuser.dat{25ec5ab2-bb6d-11df-81ea-20cf301f0269}.TM.blf
[2010/09/08 00:33:04 | 030,376,092 | ---- | M] () -- C:\Users\v\Documents\Image.nrg
[2010/09/08 00:31:43 | 030,376,092 | ---- | M] () -- C:\Users\v\Documents\a01.nrg
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/07 02:06:29 | 000,000,219 | ---- | M] () -- C:\Users\v\Desktop\Left 4 Dead.url
[2010/09/07 00:58:49 | 000,007,605 | ---- | M] () -- C:\Users\v\AppData\Local\Resmon.ResmonCfg
[2010/09/06 22:43:06 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
[2010/09/06 22:41:16 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/09/06 22:41:16 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/09/06 22:41:16 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/09/06 22:19:56 | 000,000,219 | ---- | M] () -- C:\Users\v\Desktop\Left 4 Dead 2.url
[2010/09/06 22:19:31 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/06 20:53:30 | 000,001,970 | ---- | M] () -- C:\Users\v\Application Data\Microsoft\Internet Explorer\Quick Launch\Zinc.lnk
[2010/09/06 20:53:30 | 000,001,946 | ---- | M] () -- C:\Users\v\Desktop\Zinc.lnk
[2010/09/06 20:53:29 | 000,001,158 | ---- | M] () -- C:\Users\v\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZvRemote.lnk
[2010/09/06 20:29:37 | 000,002,242 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
[2010/09/06 20:29:37 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\forteManager.lnk
[2010/09/06 11:39:38 | 008,558,109 | ---- | M] () -- C:\Users\v\Desktop\ProbeII_V10488_XpVistaWin7.zip
[2010/09/06 11:30:47 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2010/09/06 10:39:41 | 000,001,264 | ---- | M] () -- C:\Users\v\Desktop\Revo Uninstaller.lnk
[2010/09/06 10:38:27 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/09/05 23:29:11 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010/09/05 23:12:43 | 000,417,891 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100926-224912.backup
[2010/09/05 23:11:48 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/05 23:02:25 | 000,417,891 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100905-231243.backup
[2010/09/05 23:00:30 | 000,001,258 | ---- | M] () -- C:\Users\v\Desktop\Spybot - Search & Destroy.lnk
[2010/09/05 22:36:32 | 000,001,724 | ---- | M] () -- C:\Users\v\Desktop\Defraggler.lnk
[2010/09/05 22:34:33 | 000,001,007 | ---- | M] () -- C:\Users\v\Desktop\CCleaner.lnk
[2010/09/05 22:24:10 | 000,046,379 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2010/09/05 22:20:20 | 000,000,670 | ---- | M] () -- C:\Windows\setup.iss
[2010/09/05 22:10:56 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/09/05 22:10:52 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/09/05 22:10:52 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/09/05 22:10:52 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/09/05 22:10:52 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/09/05 22:06:47 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/09/05 22:05:16 | 000,033,292 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2010/09/05 21:53:17 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\3DMark05.lnk
[2010/09/05 20:28:05 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/05 20:03:42 | 000,524,288 | -HS- | M] () -- C:\Users\v\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/09/05 20:03:42 | 000,524,288 | -HS- | M] () -- C:\Users\v\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/09/05 20:03:42 | 000,065,536 | -HS- | M] () -- C:\Users\v\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/09/05 20:03:35 | 000,000,020 | -HS- | M] () -- C:\Users\v\ntuser.ini
[2010/09/05 19:55:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/05 19:22:53 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/09/05 19:21:43 | 000,001,437 | ---- | M] () -- C:\Users\v\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/05 19:19:34 | 000,002,811 | ---- | M] () -- C:\Users\Public\Desktop\Diamond Drivers 6.3 Win7Vista Setup.lnk
[2010/09/05 19:15:15 | 000,057,560 | ---- | M] () -- C:\Users\v\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/05 19:09:16 | 000,001,122 | ---- | M] () -- C:\Users\v\Desktop\EVEREST Ultimate Edition.lnk
[2010/08/31 01:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/27 20:10:29 | 000,002,093 | ---- | C] () -- C:\Users\v\Desktop\HijackThis.lnk
[2010/09/26 23:55:35 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Dr.Web Daily scan.job
[2010/09/26 23:55:34 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Dr.Web Update.job
[2010/09/26 23:55:10 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Dr.Web Scanner.lnk
[2010/09/26 22:30:03 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2010/09/08 13:48:41 | 000,524,288 | -HS- | C] () -- C:\Users\v\ntuser.dat{25ec5ab2-bb6d-11df-81ea-20cf301f0269}.TMContainer00000000000000000002.regtrans-ms
[2010/09/08 13:48:41 | 000,524,288 | -HS- | C] () -- C:\Users\v\ntuser.dat{25ec5ab2-bb6d-11df-81ea-20cf301f0269}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 13:48:41 | 000,065,536 | -HS- | C] () -- C:\Users\v\ntuser.dat{25ec5ab2-bb6d-11df-81ea-20cf301f0269}.TM.blf
[2010/09/08 00:33:03 | 030,376,092 | ---- | C] () -- C:\Users\v\Documents\Image.nrg
[2010/09/08 00:31:40 | 030,376,092 | ---- | C] () -- C:\Users\v\Documents\a01.nrg
[2010/09/07 02:06:29 | 000,000,219 | ---- | C] () -- C:\Users\v\Desktop\Left 4 Dead.url
[2010/09/07 00:58:49 | 000,007,605 | ---- | C] () -- C:\Users\v\AppData\Local\Resmon.ResmonCfg
[2010/09/06 22:43:06 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
[2010/09/06 22:19:55 | 000,000,219 | ---- | C] () -- C:\Users\v\Desktop\Left 4 Dead 2.url
[2010/09/06 22:18:38 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/09/06 20:53:30 | 000,001,970 | ---- | C] () -- C:\Users\v\Application Data\Microsoft\Internet Explorer\Quick Launch\Zinc.lnk
[2010/09/06 20:53:30 | 000,001,946 | ---- | C] () -- C:\Users\v\Desktop\Zinc.lnk
[2010/09/06 20:53:29 | 000,001,158 | ---- | C] () -- C:\Users\v\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZvRemote.lnk
[2010/09/06 20:20:59 | 000,002,242 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
[2010/09/06 20:20:59 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\forteManager.lnk
[2010/09/06 11:39:34 | 008,558,109 | ---- | C] () -- C:\Users\v\Desktop\ProbeII_V10488_XpVistaWin7.zip
[2010/09/06 11:30:47 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2010/09/06 10:39:41 | 000,001,264 | ---- | C] () -- C:\Users\v\Desktop\Revo Uninstaller.lnk
[2010/09/06 10:38:27 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/09/06 02:11:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/09/05 23:29:11 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010/09/05 23:11:48 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/05 23:00:30 | 000,001,258 | ---- | C] () -- C:\Users\v\Desktop\Spybot - Search & Destroy.lnk
[2010/09/05 22:36:32 | 000,001,724 | ---- | C] () -- C:\Users\v\Desktop\Defraggler.lnk
[2010/09/05 22:34:33 | 000,001,007 | ---- | C] () -- C:\Users\v\Desktop\CCleaner.lnk
[2010/09/05 22:18:24 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/09/05 22:18:24 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/09/05 22:18:21 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/09/05 22:18:20 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/09/05 22:18:05 | 000,000,670 | ---- | C] () -- C:\Windows\setup.iss
[2010/09/05 22:10:56 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2010/09/05 22:10:56 | 000,170,496 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/09/05 22:10:56 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2010/09/05 22:10:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/09/05 22:10:56 | 000,005,037 | ---- | C] () -- C:\Windows\SysNative\cfgfx.ini
[2010/09/05 22:10:56 | 000,002,773 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010/09/05 22:10:56 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010/09/05 22:10:56 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010/09/05 22:10:56 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2010/09/05 22:08:03 | 000,046,379 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/09/05 22:04:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/05 22:04:13 | 000,033,292 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/09/05 21:53:17 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\3DMark05.lnk
[2010/09/05 20:03:35 | 005,242,880 | -HS- | C] () -- C:\Users\v\ntuser.dat
[2010/09/05 20:03:35 | 000,524,288 | -HS- | C] () -- C:\Users\v\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/09/05 20:03:35 | 000,524,288 | -HS- | C] () -- C:\Users\v\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/09/05 20:03:35 | 000,262,144 | -HS- | C] () -- C:\Users\v\ntuser.dat.LOG1
[2010/09/05 20:03:35 | 000,065,536 | -HS- | C] () -- C:\Users\v\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/09/05 20:03:35 | 000,000,290 | ---- | C] () -- C:\Users\v\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/05 20:03:35 | 000,000,272 | ---- | C] () -- C:\Users\v\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/09/05 20:03:35 | 000,000,020 | -HS- | C] () -- C:\Users\v\ntuser.ini
[2010/09/05 20:03:35 | 000,000,000 | -HS- | C] () -- C:\Users\v\ntuser.dat.LOG2
[2010/09/05 19:55:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/05 19:22:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/05 19:21:43 | 000,001,437 | ---- | C] () -- C:\Users\v\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/05 19:19:34 | 000,002,811 | ---- | C] () -- C:\Users\Public\Desktop\Diamond Drivers 6.3 Win7Vista Setup.lnk
[2010/09/05 19:09:16 | 000,001,122 | ---- | C] () -- C:\Users\v\Desktop\EVEREST Ultimate Edition.lnk
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/09/19 01:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008/09/19 01:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
< End of report >




#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:59 PM

Posted 28 September 2010 - 04:57 AM

QUOTE
Earlier I found two files I was unable to remove from my system one was DAODx.exe and the other was allegedly quarantined by Dr. Web (A0001005.exe).
Dr. Web is known for its false-positive detections and this is no exception. The DAODx.exe file is related to ASUSTek. The other one is most likely in System Restore.

What actual problems are you having besides this?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 419 posts
  • Gender:Male
  • Local time:04:59 PM

Posted 28 September 2010 - 06:25 PM

When I start the computer up I get a broken line image across my screen as Windows starts up; it's very quick and only appears for a few tenths of a second. The infection, which came from another hard drive from a different computer, displayed similar characteristics, and when I try to get my mail from Yahoo there seems to be another process running for a very long time, yet it does not show in my system process screen.
If in your opinion these are innocuous I will disregard them, but I wanted to make sure because there are so many O23 files claiming "file missing" whenever I run a scan with HJT, which display as follows, for example:

O23 - Service: @Systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner -C:\windows\system32\wbengine.exe (file missing)

There are about 20 of this type of notification for different files. If it's because of me using a 64 bit operating system that's fine and I will ignore the 'file missing' messages but I wasn't sure why so many.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:59 PM

Posted 29 September 2010 - 04:07 AM

Hi, these messages are because of 64-bit incompatibility with HJT. See also here for info about this file.

At which point do you get the broken line image? It sounds to me more like the point where the video card drivers are started, and as such it would be quite normal.

I really see no evidence of malware and unless you are having symptoms (extreme slowness, pop ups, redirects, to name a few), I have no reason to believe your computer is infected.

regards, Elise


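An added example, not from the thread and not HijackThis code, to show what the 64-bit incompatibility above looks like in practice. A 32-bit process on 64-bit Windows has its view of System32 redirected to SysWOW64 by WOW64, so a 32-bit scanner asked about a 64-bit-only service binary looks in the wrong folder and reports "file missing". The script below resolves a service's ImagePath from the registry the way the 64-bit system sees it, also checks the redirected SysWOW64 view a 32-bit process would get, and reports the Authenticode signer of the binary that is actually there. The function names and output fields are my own; the service name wbengine is the one in the O23 line quoted earlier in the thread.

```powershell
# Added example (not from the thread or from HijackThis): triage O23 "file missing" entries
# on 64-bit Windows by resolving the service ImagePath as a 64-bit process sees it.
# Assumes PowerShell on Windows Vista or later; reads the local registry only, changes nothing.

function Resolve-ServiceImagePath {
    param([Parameter(Mandatory)][string]$ServiceName)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $raw = (Get-ItemProperty -LiteralPath $key -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if (-not $raw) { return $null }

    # Expand %SystemRoot%-style placeholders (harmless if the value is already expanded).
    $expanded = [Environment]::ExpandEnvironmentVariables($raw)

    # Separate the binary from its arguments: quoted path, or everything up to .exe/.sys/.dll.
    if ($expanded -match '^\s*"([^"]+)"') {
        $path = $Matches[1]
    } elseif ($expanded -match '^\s*(.+?\.(exe|sys|dll))(\s|$)') {
        $path = $Matches[1]
    } else {
        $path = $expanded.Trim()
    }

    # Normalise kernel-style driver paths: \SystemRoot\..., \??\C:\..., system32\drivers\...
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    $path = $path -replace '^\\\?\?\\', ''
    if ($path -match '^system32\\') { $path = Join-Path $env:SystemRoot $path }
    return $path
}

function Test-ServiceBinary {
    param([Parameter(Mandatory)][string]$ServiceName)

    $path = Resolve-ServiceImagePath -ServiceName $ServiceName
    $result = [ordered]@{
        Service         = $ServiceName
        Path            = $path
        ExistsNative    = $false   # what the 64-bit system really has
        Exists32BitView = $null    # what a 32-bit scanner would see after WOW64 redirection
        SignatureStatus = $null
        Signer          = $null
    }
    if (-not $path) { return [pscustomobject]$result }

    $sys32 = [regex]::Escape("$env:SystemRoot\System32")
    $nativePath = $path
    if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
        # From a 32-bit process the real System32 is reachable only through the Sysnative alias.
        $nativePath = $path -ireplace $sys32, "$env:SystemRoot\Sysnative"
    }
    $result.ExistsNative = Test-Path -LiteralPath $nativePath

    if ([Environment]::Is64BitOperatingSystem -and $path -like "$env:SystemRoot\System32\*") {
        # Emulate the redirected view: a 32-bit process asking for System32 is handed SysWOW64.
        $wowPath = $path -ireplace $sys32, "$env:SystemRoot\SysWOW64"
        $result.Exists32BitView = Test-Path -LiteralPath $wowPath
    }

    if ($result.ExistsNative) {
        # Signer check is the quick triage step for a binary that a scanner flagged.
        $sig = Get-AuthenticodeSignature -FilePath $nativePath
        $result.SignatureStatus = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
    }
    return [pscustomobject]$result
}

# The entry quoted in the thread: Block Level Backup Engine service.
Test-ServiceBinary -ServiceName 'wbengine' | Format-List

# Whole-system pass: list only services whose binary is absent even in the native view.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
    ForEach-Object { Test-ServiceBinary -ServiceName $_.PSChildName } |
    Where-Object { $_.Path -and -not $_.ExistsNative } |
    Format-Table Service, Path
```

On a 64-bit Windows 7 machine, wbengine.exe exists only in System32, so the expected result is ExistsNative true and Exists32BitView false, which is exactly the combination that produces the HJT "file missing" report. Entries where ExistsNative is also false are the ones worth a closer look (orphaned services left behind by uninstalled software are the usual explanation).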


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:59 PM

Posted 04 October 2010 - 04:55 AM

Hi, are you still there?

regards, Elise




#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:59 PM

Posted 10 October 2010 - 05:25 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

